huggingface-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to call hosted Hugging Face models (e.g., hf.textGeneration, hf.chatCompletion, textGenerationStream) and to fetch external resources like image URLs (e.g., classifier('https://example.com/cat.jpg')), which ingests untrusted public third-party content whose outputs could contain instructions that influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The browser example directly imports and executes remote library code at runtime from https://cdn.jsdelivr.net/npm/@huggingface/transformers (a required dependency for the shown browser usage), so this URL fetches and runs external code during skill execution.