hugging-face-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly uses commands that fetch and inspect content from the public Hugging Face Hub (e.g., "hf download <repo_id>", "hf models info", "hf datasets info", "hf spaces info" and "hf jobs run "), meaning it ingests untrusted, user-generated repos/spaces/datasets from the open web that can influence actions like running jobs or deploying endpoints.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes commands that fetch and run remote container images at runtime (e.g., "hf jobs run python:3.12 python script.py" and "hf jobs run --flavor a10g-small "), which will execute external code pulled from those images on Hugging Face infrastructure.