vllm-bench-serve

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly auto-downloads and streams public, user-generated datasets (e.g., "sharegpt" / HuggingFace) as part of its required Phase 4 dataset selection (see SKILL.md Phase 4 and references/dataset-guide.md), and it also probes remote services (/v1/models) to auto-fetch model metadata — both sources are untrusted third‑party content that the agent must read and that materially influence command generation, benchmarking decisions, and auto‑optimization behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill may auto-download datasets from the HuggingFace Hub at runtime (e.g., https://huggingface.co/datasets/lmarena-ai/VisionArena-Chat or the ShareGPT dataset path noted), and those fetched dataset files are injected as prompts/workloads for vllm bench serve, so this is a runtime external dependency that directly controls the agent's input.