hugging-face-jobs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill clearly ingests public, user-generated Hub content — e.g., SKILL.md and scripts like scripts/generate-responses.py and scripts/cot-self-instruct.py call load_dataset(...) and scripts/finepdfs-stats.py uses pl.scan_parquet("hf://datasets/...") to read Hub datasets/parquet and then feed that data into vLLM generation or downstream pushes, so untrusted third‑party content can directly influence model prompts and job behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts (e.g., generate-responses.py and cot-self-instruct.py) load the model ID Qwen/Qwen3-30B-A3B-Instruct-2507 at runtime with LLM(..., trust_remote_code=True), which will fetch and execute code from the model repo (https://huggingface.co/Qwen/Qwen3-30B-A3B-Instruct-2507), giving remote content the ability to run code and influence prompt handling.