long-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public third-party data and code (e.g., git clone https://github.com/jquesnelle/yarn, load_dataset("pg19"), load_dataset("codeparrot/github-code"), HuggingFace/wikipedia/arXiv datasets and TogetherAI/HuggingFace model repos) and expects the agent to read and use that untrusted/user-generated content during fine-tuning and evaluation, which could enable indirect prompt injection.