building-inferencesh-apps

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows and examples explicitly download and consume external, potentially untrusted content — e.g., File.from() that downloads arbitrary URLs, huggingface_hub snapshot_download for public model repos, and belt app pull / belt app run which fetch and run public apps — so third-party content can directly influence runtime behavior.