common-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly uses the public HuggingFace Hub (see huggingface.md and functions like HfApi.list_repo_files, snapshot_download, list_gguf_files, get_gguf_file_path) to list and download files from arbitrary model repositories, meaning the agent consumes untrusted, user-provided content from third‑party repos as part of its workflow.