hugging-face-jobs

Warn

Audited by Snyk on Mar 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests public, user-generated content. SKILL.md allows passing scripts/URLs and shows examples using Hub dataset URLs. The bundled scripts read and interpret Hub dataset contents at runtime and use them to drive generation, filtering, and push actions; for example, scripts/cot-self-instruct.py uses load_dataset(args.seed_dataset) and generation_model inputs, and scripts/finepdfs-stats.py scans hf:// datasets paths and uses list_repo_tree. Untrusted third-party content from the Hugging Face Hub can therefore materially influence tool use and behavior.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 12, 2026, 12:35 AM
  • Issues: 1