together-dedicated-endpoints

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches models from untrusted public sources (Hugging Face repos or arbitrary S3 presigned URLs) as shown in references/dedicated-models.md and references/api-reference.md and implemented in scripts/upload_custom_model.py (client.models.upload with model_source), and those uploaded third‑party model artifacts are ingested and deployed for inference (affecting runtime behavior), enabling indirect prompt-injection via malicious model content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's upload/deploy scripts accept and use runtime model_source URLs (e.g., https://huggingface.co/your-org/your-model and S3 presigned URLs like https://my-bucket.s3.amazonaws.com/model.tar.gz?...) which the service fetches at runtime to create a custom/fine-tuned model that directly controls the agent's inference outputs, and those URLs are required when uploading/deploying custom models.