huggingface-community-evals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill runs arbitrary models from the public Hugging Face Hub (see SKILL.md examples and scripts like scripts/inspect_vllm_uv.py and scripts/lighteval_vllm_uv.py that accept Hub model IDs) and even exposes a --trust-remote-code flag, which causes the agent to fetch and potentially execute untrusted, user-provided repository code/artifacts that can materially change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts accept model IDs that are fetched from the Hugging Face Hub at runtime and include a --trust-remote-code option which can cause execution of code from model repositories (e.g. https://huggingface.co/meta-llama/Llama-3.2-1B), so remote content from Hugging Face model URLs can be fetched and executed during runtime.