hf-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill’s runtime download operations (download_file() / download_folder()) fetch readable content from HuggingFace repositories specified by repo_id/filename (public or user-specified third-party sources), which is outsider-authored text ingested into the agent’s context via the downloaded file contents.