huggingface-llm-trainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and executes or inspects external, user-provided content (e.g., scripts loaded from arbitrary Hugging Face Hub/GitHub/Gist URLs per "Working with Scripts" and the Dataset Validation flow which runs the external dataset_inspector at https://huggingface.co/datasets/mcp-tools/skills/raw/main/dataset_inspector.py and instructs the agent to apply its "MAPPING CODE"), so untrusted third‑party content can be read and materially influence job submission and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs remote scripts at runtime (e.g., submitting hf_jobs with "https://huggingface.co/datasets/mcp-tools/skills/raw/main/dataset_inspector.py") and the GGUF conversion script clones and builds code from "https://github.com/ggerganov/llama.cpp.git", so external content is fetched and executed during runtime and is relied upon for dataset validation and conversion.