hugging-science

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow fetches and parses outsider-authored free text from the public catalog endpoints (e.g., https://huggingscience.co/topics/<slug>.md, https://huggingscience.co/llms-full.txt) via scripts/fetch_catalog.py, then injects that markdown-derived text into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs loading Hugging Face model repos with trust_remote_code=True (e.g., AutoModel.from_pretrained("arcinstitute/evo2_7b", trust_remote_code=True)), which at runtime fetches and executes Python from the model repo URL (e.g. https://huggingface.co/arcinstitute/evo2_7b) and is a required dependency for many catalog models.