carto-explore-datawarehouse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime workflow calls carto connections browse/describe and named-sources get (SKILL.md and references/named-sources.md), which fetch and parse schemas, table metadata, and user-supplied saved SQL (including public datasets like carto-demo-data and arbitrary named-source queries), so the agent ingests untrusted/third-party content that can materially influence which queries and actions it performs.