hugging-face

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and act on content from the public Hugging Face Hub (e.g., get-discussion, list-models, list-datasets, get-daily-papers and arbitrary endpoints via the "membrane request" proxy), which exposes the agent to untrusted, user-generated third-party content that could contain indirect instructions.