huggingface-local-models

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md and references/hub-discovery.md) explicitly instructs the agent to fetch and parse public Hugging Face Hub pages and the tree API (e.g., https://huggingface.co/?local-app=llama.cpp and https://huggingface.co/api/models//tree/main?recursive=true) to extract quant labels, filenames, and launch snippets, which are untrusted, user-published third‑party contents that can directly influence commands and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching Hugging Face pages at runtime (e.g., https://huggingface.co/?local-app=llama.cpp and https://huggingface.co/api/models//tree/main?recursive=true) to extract the "Use this model" snippet and exact GGUF filenames which are then used to build and run the agent's launch commands, so remote content directly controls agent instructions.