serverless-modal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's inference workflows explicitly call transformers.AutoModelForCausalLM.from_pretrained(...) (Pattern B) and set MODEL = "Qwen/Qwen3-4B" with vLLM (Pattern C), which fetch pretrained models/tokenizers from public model hubs (e.g., Hugging Face) — untrusted, user-contributed artifacts that the skill loads and uses to generate outputs, so third-party content can materially influence behavior.