rag-architect
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The LateChunker calls AutoModel.from_pretrained("jinaai/jina-embeddings-v2-base-en", trust_remote_code=True), which fetches code from the Hugging Face model repo jinaai/jina-embeddings-v2-base-en at runtime and can execute that remote code, creating a high-confidence execution risk.