llm-serving-auto-benchmark

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly pulls models/tokenizers from public Hugging Face repos (model_path entries, HF_TOKEN usage) and in multiple places sets or documents trust_remote_code, and the runbook/SKILL.md also documents that TensorRT-LLM's --dataset-name random can silently sample ShareGPT (public user-generated prompts), so untrusted third‑party content/code is ingested and used by the benchmarking workflow and can materially affect server behavior and benchmark-driven decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's container runbook explicitly pulls and runs remote images at runtime (e.g., docker pull lmsysorg/sglang:dev, docker pull vllm/vllm-openai:latest, docker pull nvcr.io/nvidia/tensorrt-llm/release:latest) and the configs also use model hub fetching and --trust_remote_code, so these external artifacts are fetched and executed at runtime and therefore meet the criteria for a risky runtime external dependency.