vllm-deploy-docker
Audited by Snyk on Feb 25, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's required workflow instructs pulling pre-built images from Docker Hub and loading models from Hugging Face (e.g., the --model Qwen/... flag and HF_TOKEN/cache usage), which causes the deployed server to download and run untrusted, public model artifacts whose outputs can materially influence subsequent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's quickstart explicitly pulls and runs the external Docker image vllm/vllm-openai:latest from Docker Hub, which fetches and executes remote container code at runtime. The build instructions also fetch remote code (e.g., https://github.com/vllm-project/vllm/tree/main/docker and git+https://github.com/huggingface/transformers.git) that is executed during the image build, so external content is both required and executed as code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit privileged operations, e.g., "sudo groupadd docker" and "sudo usermod -aG docker $USER" (as well as a privileged docker run), which modify system groups and user membership and require elevated (sudo) privileges, so it instructs changing the host state.