release

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) explicitly instructs using the HF CLI and scripts to probe authenticated hf.space domains and curl endpoints like /health and /reset on deployed Hugging Face Spaces (public, user-created Spaces) and then uses those responses to decide canonical promotions and collection updates, which means untrusted third-party content can influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The release scripts rewrite and stage runtime installs to git+https://github.com/meta-pytorch/OpenEnv.git@, which will cause pip/git to fetch and install/execute remote repository code during Docker/Space builds, making that external repo a required runtime dependency.