local-ai-models

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's MLX Swift docs and examples explicitly load models from public registries like Hugging Face (e.g., references/mlx-swift/setup.md, quantization.md, and mentions of "mlx-community/*" and https://huggingface.co/models), which are third-party, user-submitted resources downloaded and executed at runtime—exposing the agent to untrusted content that could embed malicious instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill uses MLX Swift to load models at runtime from Hugging Face (e.g. https://huggingface.co/models and model IDs like mlx-community/Llama-3.2-3B-Instruct-4bit), which are fetched on first use and directly determine the model's behavior, making them runtime external dependencies that control the agent's outputs.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:30 AM