model-merging

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and merging public, user-hosted models and repos (e.g., git clone https://github.com/arcee-ai/mergekit.git and many HuggingFace model IDs like mistralai/Mistral-7B-v0.1 used throughout the workflow), so the agent ingests untrusted third-party model artifacts whose learned behaviors could materially change its actions or embed indirect instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes an explicit install step that clones and installs remote code (git clone https://github.com/arcee-ai/mergekit.git then pip install -e .), which fetches and executes third‑party code as a required dependency for the skill.