adding-model-support

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Phase 1, Steps 1–2 and the smoke/conversion examples) explicitly instructs the agent to fetch and read a HuggingFace model link and its public config.json/checkpoint (e.g., "Ask the user for the HuggingFace model link" and "Read the model's config.json from HuggingFace"), which are open/public third-party artifacts that the agent must parse and whose contents directly drive mapping, conversion, and execution decisions—so untrusted third‑party content can influence tool use.