slime-user

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests public HuggingFace models/datasets (e.g., "hf download Qwen/Qwen3-4B" and "hf download --repo-type dataset zhuzilin/dapo-math-17k") and accepts prompt-data/JSONL datasets and external GitHub resources which the agent reads and processes as part of rollouts, exposing it to untrusted, user-generated third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The custom generation function issues a runtime HTTP POST to the SGLang generate endpoint (e.g. http://{args.sglang_router_ip}:{args.sglang_router_port}/generate) and injects the returned text directly into the agent's response tokens, so this runtime endpoint directly controls prompts/output.