Skills
skills/huggingface/skills/transformers-js/Snyk

transformers-js

Warn

Audited by Snyk on Mar 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs loading models from the public Hugging Face Hub (e.g., https://huggingface.co/models?library=transformers.js and examples using community model IDs and env.allowRemoteModels = true), which fetches and runs untrusted, user-contributed models whose outputs the agent will read and can materially influence subsequent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill loads remote JavaScript at runtime via the CDN import (e.g., https://cdn.jsdelivr.net/npm/@huggingface/transformers) which executes third‑party code in the client, and it also fetches model files from the Hugging Face Hub (e.g., https://huggingface.co/… resolved at runtime) which directly determine the agent's outputs, so these external URLs are runtime dependencies that can execute remote code or control prompts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 11, 2026, 07:20 AM