hugging-face-model-trainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching and executing code and data from public third-party URLs (e.g., "script" may be a Hugging Face Hub URL, GitHub/raw.githubusercontent.com, or Gist; it also calls the public dataset inspector at https://huggingface.co/datasets/mcp-tools/skills/raw/main/dataset_inspector.py and uses hf_doc_fetch), so untrusted external content is ingested and can change job/scripts and dataset-mapping behavior used by the agent.