cuda-kernels

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill dynamically downloads and loads pre-compiled kernels from the public HuggingFace Kernels Hub (e.g., get_kernel("kernels-community/activation") / kernels-community repos), which are user‑published, untrusted third‑party artifacts that the agent is expected to load and execute at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses the HuggingFace Kernels Hub at runtime via get_kernel (e.g. repo IDs under https://huggingface.co/kernels-community), which downloads and loads pre-compiled kernel binaries from that external URL and thus executes remote code at runtime.