forecasting-reverso

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads or asks the user to upload public model checkpoints from HuggingFace (see SKILL.md "Obtaining Weights" and the scripts: reverso.py's download_weights and scripts/load_checkpoint.py), which are untrusted, user-provided third‑party files that the agent loads and uses in its forecasting workflow and thus can materially change behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The setup commands include a system-level pip install with "--system --break-system-packages", which instructs modifying system packages/installation state (potentially breaking system-managed packages), so the skill pushes changes to the machine state.