modal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and referenced docs explicitly show runtime flows that fetch and consume untrusted third‑party content (e.g., git clone in references/images.md, AutoModel.from_pretrained downloads from Hugging Face, Image.from_registry pulls from Docker Hub, and requests.get("https://api.example.com/...") in references/examples.md), and that content is read/used for model loading, inference, and job logic so it can materially influence behavior.