hugging-science
Warn
Audited by Snyk on May 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and parses live, community-submitted content from huggingscience.co (e.g., https://huggingscience.co/llms-full.txt and https://huggingscience.co/topics/.md via scripts/fetch_catalog.py) and directs the agent to read those entries and call community-hosted Hugging Face Spaces/HF Hub resources (gradio_client / datasets / transformers), so untrusted third-party markdown and Space outputs can materially influence resource selection and subsequent tool use.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). I flag https://huggingface.co/arcinstitute/evo2_7b because the skill explicitly instructs loading models with AutoModel.from_pretrained(..., trust_remote_code=True), which fetches and executes Python from the remote Hugging Face model repo at runtime and is relied on as a required dependency.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata