music

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary reference audio file paths or URLs in Step 2b ("请提供参考音频文件路径或 URL") and passes them to the CLI via the --audio argument in the workflow, meaning untrusted third-party audio fetched from the open web can be ingested and materially influence generation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). Flagged because the skill instructs the agent to "auto-install and auto-login" the CLI and to silently create and modify config files and run background CLI commands without asking the user, which compels the agent to change host system state and could trigger privileged operations even though it doesn't explicitly request sudo or create users.