byted-las-long-video-understand

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow submits a user-provided video_url (allowed as http/https per references/api.md and shown in Step 3 of SKILL.md's data.json) and the operator ingests and analyzes that remote video as part of normal processing, meaning arbitrary third-party (potentially user-generated) content can be read and used to drive subsequent Q&A/summarization actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The env_init.sh script (invoked at runtime in Step 1) fetches a remote manifest and then pip-installs a wheel from https://las-ai-cn-beijing-online.tos-cn-beijing.volces.com/operator_cards_serving/public/skills/sdk/las_sdk-0.2.0-py3-none-any.whl, which downloads and executes remote code and is used as a required dependency for the skill.