transformers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill directly loads models and datasets from the public Hugging Face Hub and datasets library (e.g., AutoModel.from_pretrained(...), AutoTokenizer.from_pretrained(...), and datasets.load_dataset("imdb") / "tatsu-lab/alpaca"), which ingests community/public user-generated content that the agent will read and process.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime model load that explicitly enables remote code execution via from_pretrained(..., trust_remote_code=True), which will fetch and execute code from the Hugging Face Hub for the model (e.g. https://huggingface.co/microsoft/phi-2), so the fetched external content can execute remote code during runtime.