example-projects

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public Hugging Face models and datasets (e.g., AutoTokenizer.from_pretrained called in scripts/setup-example.sh and model loading in train/generate scripts, and load_dataset(data_path) in examples/text-generation/train.py with README instructions like "Use dataset name directly"), which are untrusted, user-contributed third‑party sources that the agent will ingest as part of training/inference and can materially change model behavior and downstream decisions (e.g., generation or trading signals).