downloading-hf-models

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). SKILL.md explicitly instructs running the HuggingFace Hub download command (e.g., "uv run --with huggingface_hub hf download / ...") to pull files from public Hugging Face repositories, which are untrusted/user-generated sources the agent will fetch as part of its workflow and could materially influence subsequent actions.