hugging-face-tool-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and parse public Hugging Face content (e.g., model and dataset cards from repositories, API endpoints like https://huggingface.co/.well-known/openapi.json, and scripts such as references/hf_model_card_frontmatter.sh and references/hf_enrich_models.sh), which are untrusted, user-generated web content the agent will read and that can materially influence subsequent tool use and decisions.