flash-moe-inference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly requires downloading Qwen3.5-397B-A17B safetensors "from HuggingFace" and the engine loads those external weight files (model_weights.bin / packed_experts/) at runtime, so untrusted third-party model files directly influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The installation instructs users to git clone and build code from https://github.com/danveloper/flash-moe, which fetches remote source that is then compiled and executed (including the chat TUI and inference binaries that generate prompts/tool-calling output), so this URL is a runtime external dependency that results in executing remote code.