funasr-transcribe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's installation and runtime explicitly download and load third-party models from ModelScope (scripts/setup.py uses snapshot_download on assets/models.json) and the server initializes AutoModel (scripts/server.py) including trust_remote_code=True for some models—so untrusted external model code/files are fetched and executed as part of normal workflow, which can materially change behavior.