mlflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows running external projects (e.g., "mlflow run https://github.com/user/repo") and pulling images from registries (ghcr.io), which causes the agent/runtime to fetch and execute arbitrary, user-provided web content (public GitHub repos and container images) that can materially influence actions.