replicate-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows explicitly fetch and ingest public prediction/model data (e.g., commands like "replicate run" which can return output URLs or data URIs, "replicate model schema <owner/model>", and "replicate scaffold ") and also instruct chaining outputs into subsequent commands ({{.output}}), meaning untrusted public model outputs or arbitrary prediction URLs from replicate.com or external URLs are read and can directly influence later actions.