aeon-huggingface-trending

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated content from Hugging Face's public APIs (https://huggingface.co/api/models, /api/datasets, /api/spaces) and uses that untrusted content in its core workflow to filter, rank, and generate "why notable" lines, so third‑party content can materially influence what the agent surfaces and decisions it makes.