modal-serverless-gpu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes code that fetches and ingests arbitrary public content—e.g., references/advanced-usage.md defines fetch_data(url) using aiohttp to GET arbitrary URLs, examples install code from public GitHub (pip_install "git+https://github.com/..."), and download/load models from Hugging Face/S3 (download_model, CloudBucketMount), so the agent would read untrusted third-party/user-provided content as part of its workflow.