nexus-caiwu-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly integrates external Baidu skills via clawhub.ai (see docs/baidu-skills-integration-plan.md and scripts/baidu_skills_wrapper.py) and the ai-ppt-generator script posts to qianfan.baidubce.com to fetch news/baike/scholar/PPT content, which the agent ingests and uses (e.g., --enhance/--news/--baike flags and PPT generation) to drive analyses and outputs, exposing it to untrusted third-party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The demo and setup explicitly instruct cloning and running code from the repository https://github.com/hhhh124hhhh/Nexus-caiwu-agent (git clone ... then running python scripts/wrapper.py), which is clear evidence the URL is fetched and its remote code is executed as part of using the full skill.