model-supply-chain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly requires gathering and evaluating external model registry pages and model cards (e.g., "Model card or documentation | Model registry page" and references to Hugging Face Hub, public datasets, and scraped corpora)—untrusted, user-contributed third-party content the agent is expected to read and interpret as part of its assessment, which can materially influence findings and actions.