deepstream-import-vision-model

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly browses and downloads model files and config.json from public HuggingFace repos and the NGC catalog (references/model-acquire.md and the hf-list-files.sh / hf-download-config.sh and ngc-download.sh steps) and then parses that untrusted, user-provided config/labels to drive decisions (architecture acceptance, variant selection, ONNX URL, parser behavior), so third-party content can materially influence tool actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly runs system-level package installs (apt-get install -y), inspects dpkg, and references root/system paths (e.g., /opt/nvidia and root-specific Puppeteer config), which instructs the agent to modify system-wide state and potentially require privileged access.