evaluating-llms-harness
Warn
Audited by Snyk on Apr 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This harness explicitly ingests public third‑party content as part of its core workflows (e.g., loading HuggingFace datasets via dataset_path like "squad" and local/remote JSONL files in references/custom-tasks.md, and evaluating API models or arbitrary base_url endpoints in references/api-evaluation.md), so untrusted/user-provided dataset entries or API responses can be read and used to construct prompts or evaluation constraints that materially influence behavior.