model-trainer

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). While many links are to official Hugging Face docs and well-known GitHub repositories (low risk), the list also includes raw user-hosted script URLs, Gist/raw GitHub endpoints, placeholder/example domains (e.g., example.com, raw.githubusercontent.com/user/..., gist.githubusercontent.com/user/...), and other user-controlled resolve links that could contain arbitrary executable Python and therefore pose a significant risk if downloaded and executed without review—so the overall set is suspicious for potential malware distribution when used as execution sources.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and execute external scripts and datasets via public URLs (e.g., passing GitHub/raw/Gist or Hugging Face Hub URLs to hf_jobs, and using the public Dataset Inspector at https://huggingface.co/datasets/mcp-tools/skills/raw/main/dataset_inspector.py), so untrusted third‑party content can be ingested and directly influence job submission and runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs a remote script at runtime via hf_jobs using the URL https://huggingface.co/datasets/mcp-tools/skills/raw/main/dataset_inspector.py, which fetches and executes remote code and is relied upon by the skill for dataset validation, so it directly controls runtime behavior.