Skywork-ppt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflows (e.g., workflow_generate.md and workflow_imitate.md) explicitly require running scripts/web_search.py to fetch and distill open web search results into a /tmp reference file which is then passed into scripts/run_ppt_write.py as authoritative input, so the agent ingests untrusted public web content that can materially influence generation and subsequent actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs the agent to run local scripts that install Python packages using --break-system-packages, overwrite local files, save/upload authentication tokens and push files to remote URLs—actions that modify system state and can alter system packages or exfiltrate data, even though it does not explicitly request sudo or create users.