huggingface-transformers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and loading models and metadata from the public Hugging Face Hub (e.g., "Model Selection from Hub" using HfApi/list_models and model_info, and multiple uses of AutoModel/AutoTokenizer.from_pretrained including trust_remote_code=True), which downloads and may execute user-uploaded, untrusted third‑party content that can influence model behavior and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls transformers.from_pretrained on Hugging Face model repos (e.g., "mistralai/Mistral-7B-v0.1") and explicitly uses trust_remote_code=True, which causes code from the remote repository fetched at runtime to be executed—constituting a required external dependency that can run remote code.