model-verify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly downloads and executes models from public ModelScope/HuggingFace IDs (SKILL.md Step 2 uses snapshot_download for ModelScope/HuggingFace IDs) and runs those models with --trust-remote-code in the Phase A/B docker exec commands, so untrusted third‑party code/content can be fetched and its outputs/errors can influence the diff analysis and downstream decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill downloads a remote model at runtime via modelscope.snapshot_download using a ModelScope/HuggingFace model ID (e.g., https://huggingface.co/<MODEL_ID>) and then runs inference with --trust-remote-code, which allows fetched remote code to be executed inside the container.