hugging-face-dataset-viewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and reads public, user-uploaded Hugging Face dataset content via the Dataset Viewer API (e.g., /first-rows, /rows, /search on https://datasets-server.huggingface.co) as part of its core workflow, so untrusted dataset rows could contain instructions that influence subsequent actions.