huggingface-jobs
Warn
Audited by Snyk on Mar 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly loads and processes public, user-provided Hugging Face Hub content: the SKILL.md examples and the UV scripts (e.g., scripts/cot-self-instruct.py and scripts/finepdfs-stats.py) call load_dataset and pl.scan_parquet on hf:// paths, and the skill accepts script URLs. The agent therefore ingests untrusted third-party data from the open web that can directly influence generation, filtering, and subsequent job actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly allows providing a remote script URL that is fetched and executed at job runtime (e.g., "https://huggingface.co/datasets/uv-scripts/synthetic-data/raw/main/cot-self-instruct.py"), so external content can directly execute code in the job environment.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata