parlor-on-device-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's server code and docs show it auto-downloads a public HuggingFace model (LiteRTLM.from_pretrained("google/gemma-4-E2B-it") and hf_hub_download examples) and uses that externally fetched model at runtime for inference, so untrusted third-party content from HuggingFace can directly influence the agent's outputs and behavior.