scvi-tools

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and loads public, user-contributed models and resources (e.g., using huggingface_hub.hf_hub_download and references to the HuggingFace Model Hub and GitHub Issues) so it ingests untrusted third-party content as part of its workflow.