replicate-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to fetch and interpret content from Replicate's public platform (e.g., replicate model schema <owner/model>, replicate run <owner/model>, replicate prediction show <id>, and replicate scaffold <prediction-id-or-url> and links to replicate.com/explore), which pulls untrusted/user-hosted models, schemas, and prediction outputs from third-party sources that the agent would read as part of its workflow.