unsloth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) directly instructs the agent to fetch and ingest open/public third‑party datasets and model repos (e.g., load_dataset("sentence-transformers/all-nli"), "mlabonne/FineTome-100k", "openai/gsm8k", ShareGPT normalization via standardize_sharegpt, and Hugging Face/GitHub model hubs) — untrusted/user-generated content that the agent reads and which can materially change training, reward functions, and subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). Loading a Hugging Face model repo with trust_remote_code=True (e.g., deepseek-ai/DeepSeek-OCR — https://huggingface.co/deepseek-ai/DeepSeek-OCR) is invoked at runtime in the skill (FastModel.from_pretrained(..., trust_remote_code=True)) and will fetch and execute remote repository code needed to load that model, so it directly executes external code the skill relies on.