duckdb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows DuckDB reading remote, potentially public sources via httpfs and URL/S3 globs (e.g., SELECT * FROM read_parquet('s3://my-bucket/data/*.parquet') and notes the httpfs extension for HTTP/S3/GCS), which means the agent will ingest and act on untrusted third-party content as part of query workflows.