llm-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to fetch public release pages and model repositories (e.g., Step 0a WebFetch of GitHub release pages and the artifacts_download from HuggingFace Hub in the vLLM/TGI manifest templates in SKILL.md and references/llm-manifest-templates.md), which are untrusted third‑party sources whose content (version strings, model files, or repo code referenced by flags like --trust-remote-code) is parsed and used to construct manifests and deployment actions—allowing third‑party content to materially influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill templates download model code/artifacts from Hugging Face (e.g., https://huggingface.co/${HF_MODEL_ID} via artifacts_download) at deploy/runtime and the vLLM template includes --trust-remote-code, which allows executing arbitrary code from that remote repo, making this a runtime external dependency that can execute remote code.