allium

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly runs custom SQL and fetches results and docs from Allium's public API (e.g., POST /api/v1/explorer/queries/{query_id}/run-async and GET /api/v1/explorer/query-runs/{run_id}/results and /docs/** endpoints), causing the agent to ingest public/third-party warehouse data and human-written docs/labels that could contain untrusted or user-generated text capable of influencing decisions or next actions.