Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's core workflows in SKILL.md and referenced docs (e.g., "Deploy ML Model for Inference" in SKILL.md using AutoModel.from_pretrained, references/images.md using run_commands("git clone https://github.com/..."), and references/examples.md using requests.get("https://api.example.com/...")) explicitly fetch and ingest content from public third‑party sources (GitHub, Hugging Face, arbitrary HTTP APIs), which the agent is expected to load and act on, creating a clear avenue for indirect prompt injection.
Issues (1)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).