transformers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and loading public, user-contributed models and datasets from the Hugging Face Hub (e.g., AutoModel.from_pretrained with model names, trust_remote_code=True, and datasets.load_dataset calls like "tatsu-lab/alpaca" and "imdb" shown in SKILL.md and reference/fine-tuning.md), which ingests untrusted third-party content that can change model behavior and workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill shows a runtime call that loads remote model code with trust_remote_code=True for the Hugging Face repo microsoft/phi-2 (https://huggingface.co/microsoft/phi-2), which causes the agent to fetch and execute remote code from the Hub.