hugging-face-jobs
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly loads and runs external, user-provided Hub resources and URLs (e.g., hf_jobs examples that accept script URLs like "https://huggingface.co/.../raw/...", calls to load_dataset(args.seed_dataset) in scripts such as scripts/cot-self-instruct.py and scripts/finepdfs-stats.py, and dataset_search/hub_repo_details examples), so the agent will ingest and interpret untrusted, user-generated content from the public web/Hub.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly accepts remote script URLs for runtime execution (e.g., https://huggingface.co/datasets/uv-scripts/synthetic-data/raw/main/cot-self-instruct.py and https://raw.githubusercontent.com/huggingface/trl/main/trl/scripts/sft.py), which would be fetched at job runtime and executed as code, meeting the criteria for a high-confidence remote-code risk.
Audit Metadata