hf-release-notes

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs the agent at runtime to fetch documentation pages (e.g., https://huggingface.co/docs/huggingface_hub/main/en/index and related https://huggingface.co/docs/huggingface_hub/main/en/guides/...) and inject their content to verify and shape release-note text, meaning external content is fetched during runtime and directly controls the agent's generated prompts/output.