huggingface-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly includes commands that fetch and read content from the public Hugging Face Hub (e.g., hf download REPO_ID, hf datasets list / hf datasets sql, and hf discussions), which are user-contributed/public repositories, datasets, and forum posts that the agent would ingest and could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start instructs running "curl -LsSf https://hf.co/cli/install.sh | bash -s", which fetches and executes remote shell code and is presented as the required installation method for the CLI.