pyvene-interventions
Warn
Audited by Snyk on Mar 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly loads models and interventions from public hubs (e.g., IntervenableModel.load("username/my-intervention") and model.from_pretrained("meta-llama/...") / "zhengxuanzenwu/intervenable_honest_llama2_chat_7B" in the workflows). These calls fetch untrusted, user-hosted content from HuggingFace/GitHub that the agent then applies to generation and to its interventions, so whoever controls those repositories can materially change the agent's behavior. A reference given only by repository name resolves to the repository's default branch at run time, so the content fetched later need not be the content that was reviewed.
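The check a practitioner would pair with this finding is to resolve hub references to an immutable commit and verify the checkout against a recorded hash lockfile before either `from_pretrained` or `IntervenableModel.load` touches it. The block below is an added example, not code from Snyk's report or from the pyvene project. It assumes `huggingface_hub` is installed for the (uncalled) `fetch_pinned` helper; the file names, sizes and the `config.json` contents in the demo are constructed stand-ins, not pyvene's real on-disk format, and the lockfile is simply the hashes of the reviewed checkout.

```python
"""Pinned, hash-verified checkout of hub-hosted models and interventions (added example)."""
import hashlib
import os
import re
import tempfile

# Only a full 40-hex commit SHA is an immutable reference; "main" or a tag can be
# moved by the repository owner after the content was reviewed.
_COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")

# Artifact types that run code when loaded (Python modules, pickle-based weights);
# safetensors files are inert data and are the only weight format allowed here.
_DISALLOWED_SUFFIXES = (".py", ".bin", ".pt", ".pth", ".pkl", ".pickle")


def is_pinned_revision(revision: str) -> bool:
    """True only for a full commit SHA, never for a branch or tag name."""
    return bool(_COMMIT_SHA.match(revision))


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_hashes(directory: str) -> dict:
    """Relative path -> sha256 for every regular file under directory."""
    out = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            out[os.path.relpath(full, directory)] = sha256_file(full)
    return out


def verify_snapshot(directory: str, lockfile: dict) -> list:
    """Return a list of problems; an empty list means the checkout matches the lockfile exactly.

    Extra files are reported as well as changed ones: a repository owner who adds a
    modeling_*.py or swaps weights for a pickle changes what loading the repo does.
    """
    problems = []
    actual = snapshot_hashes(directory)
    for rel, expected in lockfile.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif actual[rel] != expected:
            problems.append(f"hash mismatch: {rel}")
    for rel in actual:
        if rel not in lockfile:
            problems.append(f"unexpected file: {rel}")
        if rel.endswith(_DISALLOWED_SUFFIXES):
            problems.append(f"code-bearing artifact: {rel}")
    return problems


def fetch_pinned(repo_id: str, revision: str, lockfile: dict) -> str:
    """Download repo_id at an immutable commit and verify it before anything loads it.

    Assumes huggingface_hub is installed (imported lazily); the offline demo below
    does not call this. The returned directory is what you hand to from_pretrained
    or IntervenableModel.load instead of the bare "username/repo" string.
    """
    if not is_pinned_revision(revision):
        raise ValueError(f"refusing unpinned revision {revision!r} for {repo_id}")
    from huggingface_hub import snapshot_download
    local = snapshot_download(repo_id, revision=revision)
    problems = verify_snapshot(local, lockfile)
    if problems:
        raise RuntimeError(f"{repo_id}@{revision}: " + "; ".join(problems))
    return local


def build_demo_checkout() -> tuple:
    """Constructed stand-in for a reviewed hub checkout; returns (directory, lockfile)."""
    d = tempfile.mkdtemp(prefix="intervention_")
    files = {
        "config.json": b'{"intervention_type": "VanillaIntervention", "layer": 12}\n',
        "intervention.safetensors": b"\x00" * 64,  # placeholder bytes, not real weights
    }
    for rel, data in files.items():
        with open(os.path.join(d, rel), "wb") as f:
            f.write(data)
    return d, snapshot_hashes(d)


def demo() -> dict:
    """Verify a clean checkout, then the same checkout after an upstream change."""
    d, lock = build_demo_checkout()
    clean = verify_snapshot(d, lock)
    # Simulate the owner pushing a modified config under the same repository name...
    with open(os.path.join(d, "config.json"), "ab") as f:
        f.write(b"// tampered\n")
    # ...and adding a Python file that trust_remote_code=True would import on load.
    with open(os.path.join(d, "modeling_custom.py"), "w") as f:
        f.write("import os\n")
    tampered = verify_snapshot(d, lock)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, problems or "ok")
```

The lockfile is produced once from a checkout that was actually reviewed (`snapshot_hashes` on that directory) and committed alongside the skill; after that, every run re-verifies. Keep `trust_remote_code` at its default of `False` on `from_pretrained` as well, since the hash check above only proves the files are the reviewed ones, not that reviewed code is safe to execute.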
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata