llama-cpp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly downloads and loads public HuggingFace models/LoRA adapters (see SKILL.md huggingface-cli download and scripts/convert_lora_to_gguf.py which accepts HF model/adapter IDs and calls from_pretrained), and also clones llama.cpp from GitHub if needed—meaning arbitrary, untrusted third‑party model files and code are ingested and then used for inference/serving, which can materially change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill clones and installs code at runtime from https://github.com/ggerganov/llama.cpp.git and then executes the fetched converter script (convert_hf_to_gguf.py), so this external URL is used at runtime and runs remote code.