hugging-face-jobs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and runs public, user-provided code and datasets from the Hugging Face Hub (e.g., SKILL.md shows passing "script" as a URL to hf_jobs and references uv-scripts/GitHub raw URLs, and scripts like scripts/cot-self-instruct.py and scripts/finepdfs-stats.py call load_dataset(args.seed_dataset) and pl.scan_parquet("hf://datasets/...")), so untrusted third‑party content is ingested and directly influences generation and job behavior, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes explicit examples that run remote Python scripts by URL at runtime — e.g., fetching and executing the raw UV script which contains prompt templates and LLM-generation logic at https://huggingface.co/datasets/uv-scripts/synthetic-data/raw/main/cot-self-instruct.py, so a remote URL is used during runtime to load code that directly controls prompts and execution.