install-openviking-memory
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly directs cloning a public GitHub repository (https://github.com/volcengine/OpenViking.git) and installing/running packages (pip install openviking, npx ./examples/.../setup-helper) from external public sources, which causes the agent to fetch and execute untrusted third-party code whose contents could materially influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs cloning and running code from https://github.com/volcengine/OpenViking (via "git clone https://github.com/volcengine/OpenViking.git" and running the repository's setup-helper with npx), which fetches and executes remote code at runtime and is relied on by the installation flow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill explicitly instructs the agent to run system-level installation commands (including sudo apt/dnf installs, global npm/pip installs, killing processes, and modifying system/home configuration files) and frames them as commands the agent should execute, which requires elevated privileges and alters the machine state.