huggingface-lora-space-builder

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to ask the user to "Paste [the Hugging Face token] here" and to reuse that token for repo reads/publishing, forcing the LLM to receive and handle a secret value in-chat (risking verbatim exposure).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill ingests outsider-authored free text from the LoRA’s Hub model card/README (e.g., ModelCard.load(repo_id) and base_card.text), which is then placed into the agent’s LLM context to extract parameters/UI details—this is indirect prompt-injection exposure from arbitrary third-party README content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly recommends installing remote packages at build/runtime (e.g. "git+https://github.com/huggingface/diffusers" and "git+https://github.com/Lightricks/LTX-Video.git" in requirements.txt) and loading third‑party browser JS via CDNs (e.g. https://cdnjs.cloudflare.com/...), which will be fetched and executed during Space build or in the client and thus constitute runtime external code execution.