modal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes multiple examples that fetch and process untrusted public content (e.g., Image.run_commands("git clone https://github.com/...") and Image.from_registry pulling Docker images, AutoModel.from_pretrained downloads from Hugging Face, requests.get("https://api.example.com/sensors") in collect_sensor_data, and web endpoints that echo/return request.json), so the agent would read/interpret arbitrary third‑party or user‑provided content at runtime.