transformers-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs loading models from the public Hugging Face Hub (e.g., https://huggingface.co/models?library=transformers.js and examples using community model IDs and env.allowRemoteModels = true), which fetches and runs untrusted, user-contributed models whose outputs the agent will read and can materially influence subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill loads remote JavaScript at runtime via the CDN import (e.g., https://cdn.jsdelivr.net/npm/@huggingface/transformers) which executes third‑party code in the client, and it also fetches model files from the Hugging Face Hub (e.g., https://huggingface.co/… resolved at runtime) which directly determine the agent's outputs, so these external URLs are runtime dependencies that can execute remote code or control prompts.