hugging-face-trackio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's autonomous workflow (SKILL.md and references/alerts.md) instructs an LLM agent to poll and read Trackio alerts/metrics via the CLI (e.g., trackio list alerts --json and the alert "text" field) and then make decisions (stop runs, change hyperparameters), but those alerts/metrics are arbitrary user-generated content (and can be synced to public Hugging Face Spaces), so untrusted third-party content could inject instructions that influence agent actions.