openrlhf-training

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required training workflows explicitly load public datasets and models (e.g., --prompt_data OpenAssistant/oasst1, --dataset OpenRLHF/preference_dataset_mixture2_and_safe_pku and HF model IDs referenced in SKILL.md and references/*.md), meaning the agent ingests untrusted, user-generated third‑party content that can directly influence reward computation and training behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs actions that require elevated privileges and can change system state (e.g., "sudo pip uninstall ..." and running Docker with --cap-add=SYS_ADMIN), which asks the agent to obtain/bypass admin capabilities and modify system-level packages.