geniml

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill ingests public, potentially user-provided data (e.g., remote BED files via BBClient described in references/utilities.md and pre-trained models from Hugging Face referenced in references/scembed.md) as part of mandatory tokenization/training/search workflows, so untrusted third-party content can be read and materially influence model outputs and downstream actions.