openrlhf-training

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill ingests and trains on public, user-generated datasets and models (e.g., prompt_data OpenAssistant/oasst1, OpenRLHF/OpenAssistant datasets, and HuggingFace model "OpenAssistant/reward-model-deberta-v3-large") which the agent reads and scores as part of its workflow, exposing it to untrusted third-party content that could enable indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt instructs actions that require elevated privileges and can change system state (e.g., "sudo pip uninstall ..." and running Docker with --cap-add=SYS_ADMIN), which asks the agent to obtain/bypass admin capabilities and modify system-level packages.