hugging-face-evaluation

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses README content from arbitrary Hugging Face repositories via the inspect-tables / extract-readme workflows (--repo-id) and imports data from the Artificial Analysis API, and those untrusted, user-authored inputs are converted into model-index YAML and can automatically trigger pushes or create PRs (--apply / --create-pr), so third-party content can directly influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill runs arbitrary Hugging Face model repositories at runtime (e.g., https://huggingface.co/microsoft/phi-2) and explicitly documents using the --trust-remote-code flag, which causes code from those remote repos to be fetched and executed locally, so this is a runtime external dependency that can execute remote code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 01:50 PM