hugging-face-jobs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using remote, public URLs as the job "script" (see "Working with Scripts" — examples using raw GitHub and HF Hub URLs) and also shows discovering Hub datasets/UV scripts and processing webhook payloads, meaning the agent will fetch and execute/read untrusted, user-generated content from the open web which can materially change job behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly shows fetching and executing remote scripts at runtime (e.g. hf_jobs("uv", {"script": "https://raw.githubusercontent.com/huggingface/trl/main/trl/scripts/sft.py"}) and similar https://huggingface.co/.../raw/... URLs), so those URLs are used during runtime to fetch code that will be executed in the job container.