huggingface

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to search and load content from public Hugging Face Hub and related sources (e.g., mcp__claude_ai_Hugging_Face__hub_repo_search, paper_search, hf_doc_search, load_dataset(...) and gradio_client Client(...) against public Spaces and model cards), and the agent is required to read/interpret model cards, dataset contents, docs, and Space outputs (checking pipeline_tag, licenses, etc.) to make model-selection, deployment, and fine-tuning decisions—so untrusted, user-generated third-party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Evaluation Strategy includes a docker pull/run of a remote container image that is fetched and executed at runtime (ghcr.io/huggingface/text-generation-inference:latest), which constitutes executing external code as part of the skill workflow.