llama-cpp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Download model" section explicitly instructs fetching models from public third-party sites (e.g., huggingface-cli download TheBloke/Llama-2-7B-Chat-GGUF and links to https://huggingface.co and GitHub/Discord), which are untrusted user-hosted artifacts that the agent will load and that can materially influence its outputs and actions.