prompt-guard

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — SKILL.md's "Workflow 2: Third-party data filtering" and "Workflow 3: Batch processing for RAG" explicitly ingest API responses, web-scraped/RAG documents (untrusted public content) and use those texts to decide blocking/allowing and downstream LLM actions, so third‑party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls AutoTokenizer.from_pretrained/AutoModelForSequenceClassification.from_pretrained with model_id "meta-llama/Prompt-Guard-86M", which at runtime fetches model/tokenizer data from https://huggingface.co/meta-llama/Prompt-Guard-86M and those fetched weights/tokenizer directly control the classifier behavior used to block or allow prompts, making it a required external runtime dependency.