runtime-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill loads arbitrary public HuggingFace model repositories and metadata (e.g., AutoModel/AutoTokenizer.from_pretrained(model_id, trust_remote_code=True), detect_model_format checking HuggingFace repos for .gguf files, and parsing user-provided model_id/quantization), so it ingests untrusted third‑party content that the agent reads/interprets.