truefoundry-llm-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly uses artifacts_download with type "huggingface-hub" in the vLLM/TGI manifest templates and instructs calling the deployment-specs API with a huggingfaceHubUrl (see references/llm-manifest-templates.md and Step 2), meaning the agent will ingest untrusted, user-generated HuggingFace model repositories (and could even enable executing repo code via the documented --trust-remote-code flag), which can materially influence resource selection and deployment actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill uses artifacts_download to fetch model repositories from the Hugging Face Hub at runtime (e.g. https://huggingface.co/${HF_MODEL_ID}), and the vLLM manifest template explicitly includes the --trust-remote-code flag—meaning remote repository code can be executed and the artifact download is a required dependency.