single-popv-annotation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches pretrained models from the public HuggingFace Hub via HubModel.pull_from_huggingface_hub (see "Stage 4: Pretrained Hub Models" in SKILL.md and reference.md), which are third-party/user-provided artifacts that the agent loads and uses to annotate data, so untrusted content from the hub can directly influence predictions and downstream actions.