hugging-face-cli

Warn

Audited by Snyk on Apr 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md exposes the agent to public, user-generated content on the Hugging Face Hub and in external GitHub repos through commands such as hf download, hf papers read, hf discussions, hf extensions install, hf skills add, and hf jobs uv run SCRIPT (local file or URL). The agent would ingest and read this content, which could materially change its behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 26, 2026, 09:36 PM
Issues: 1