hugging-face-model-trainer
Warn
Audited by Snyk on Apr 26, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and execute code and data from public third-party URLs (e.g., the "Working with Scripts" section allowing script URLs like GitHub/HF/Gist and the dataset inspector URL https://huggingface.co/datasets/mcp-tools/skills/raw/main/dataset_inspector.py, plus hf_doc_fetch/hf_doc_search), meaning untrusted user-generated web content is ingested and its outputs (mapping code, scripts) can directly change tool use and job actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs external scripts at runtime (examples call hf_jobs with "https://huggingface.co/datasets/mcp-tools/skills/raw/main/dataset_inspector.py" and the GGUF conversion script clones and builds https://github.com/ggerganov/llama.cpp.git), which fetches and executes remote code as part of required workflows, so these URLs present a runtime code-execution risk.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata