build-models

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Weight cache for user-supplied weights" and related sections explicitly instruct fetching arbitrary public URLs (via pget, HuggingFace, CivitAI, weights.replicate.delivery and "arbitrary .safetensors URLs") at predict time, which the predictor loads and can materially change model behavior, exposing the agent to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's build/run step fetches and installs the pget binary at runtime via curl (https://github.com/replicate/pget/releases/download/v0.8.2/pget_linux_x86_64) which is then executed (subprocess.check_call(["pget", ...])) to download weights, so remote code is fetched and run and the skill relies on it.