llamafile

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs users to download binaries and GGUF model files from public third-party sources (e.g., Hugging Face model publishers and GitHub releases) and to run llamafile which loads those external model files for local inference, meaning untrusted user-provided content can directly influence model behavior and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching and executing remote binaries at runtime (e.g., curl -L -o llamafile https://github.com/mozilla-ai/llamafile/releases/download/0.9.3/llamafile-0.9.3 and curl -LO https://huggingface.co/mozilla-ai/llava-v1.5-7b-llamafile/resolve/main/llava-v1.5-7b-q4.llamafile), which are required dependencies and would execute remote code on the host.