train-sentence-transformers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required instructions explicitly tell the agent to query and use live Hugging Face models/datasets and external leaderboards (e.g., "hf models list", the MTEB leaderboard link in references/base_model_selection.md, hf datasets commands in references/dataset_formats.md, and hf_jobs_execution.md), which ingests public, user-contributed content that will be read and used to make model-selection and training decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly recommends executing a remote installer via "curl -LsSf https://hf.co/cli/install.sh | bash -s" and using script-from-URL patterns like "https://huggingface.co/USERNAME/scripts/resolve/main/train_bi_encoder.py", both of which cause the runtime to fetch and execute remote code (used as required HF Jobs dependencies), so they pose a high-risk external-execution vector.