pckle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly lists a workflow "import_huggingface — Hugging Face dataset ingestion" and describes creating pckle tasks that search and run workflows against an agent's knowledge base (pckle task create), which shows the skill can fetch and ingest public, user-provided third‑party content (Hugging Face) that the agent will read and use to influence task results.