docker-containerization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly downloads community-hosted models with huggingface_hub's snapshot_download in the "Multi-Stage for ML Models" section and the ollama-entrypoint.sh loads custom models from /modelfiles, which are untrusted third-party/user-provided artifacts that the agent will load and use at runtime and could therefore influence behavior.