hf-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and acts on public, user-generated content from the Hugging Face Hub and external GitHub (e.g., hf models/datasets/spaces cards, hf discussions, hf papers read, hf extensions install, and hf jobs uv run SCRIPT (local file or URL) as shown in SKILL.md), which the agent is expected to read/execute and could materially influence subsequent actions.