gguf-quantization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly download and load publicly hosted third‑party models and artifacts (e.g., "huggingface-cli download meta-llama/Llama-3.1-8B", links to HuggingFace/TheBloke and GGUF spaces, and repo clones) which are untrusted user‑provided content that the agent loads and uses for inference, so they can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's install/run instructions explicitly fetch and execute remote code required for runtime (git clone https://github.com/ggml-org/llama.cpp and installing/running the Python bindings referenced at https://github.com/abetlen/llama-cpp-python), so those URLs are runtime external dependencies that execute remote code the skill relies on.