modal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's examples explicitly show runtime ingestion of untrusted third-party content—e.g., downloading models from Hugging Face via AutoModel.from_pretrained, cloning public GitHub repos, pulling images from public registries, fetching external APIs in scheduled jobs, and accepting arbitrary POST payloads via @modal.fastapi_endpoint—so the agent would read and act on externally-sourced content that could enable indirect prompt injection.