hugging-face-datasets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's sql_manager.py explicitly uses the hf:// protocol to access arbitrary Hugging Face datasets (e.g., "cais/mmlu", "squad")—public, user-contributed data—which the agent reads and queries as part of its workflow and can influence downstream actions (exports, pushes, transformations), exposing it to untrusted third-party content that could contain injected instructions.