apache-airflow-orchestration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes instructions that fetch and ingest public third-party content at runtime (e.g., curling the remote docker-compose.yaml from https://airflow.apache.org/docs/... and examples where CustomDataSensor uses requests.get('https://api.example.com/status') and HttpHook calls /v1/data), and those responses are used in task logic (sensors/branches), so external content can directly influence execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Docker setup step downloads and then runs a remote docker-compose file (https://airflow.apache.org/docs/apache-airflow/stable/docker-compose.yaml), which is fetched at runtime and subsequently used with docker compose up to execute containers defined by that remote file, so it can execute remote code.