hugging-face-datasets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SQL Dataset Querying workflow explicitly uses the DuckDB "hf://" protocol to read arbitrary public Hugging Face datasets (see "SQL Dataset Querying" and the quick-start examples like uv run scripts/sql_manager.py query --dataset "cais/mmlu"), so the agent ingests untrusted, user-generated third‑party content and acts on it (query/transform/push), enabling indirect prompt injection.