carto-import-export-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports importing from arbitrary remote URLs (see SKILL.md and references/imports.md with examples like carto import --url https://example.com/... and notes that CARTO "fetches the URL" to a staging area), so it ingests untrusted third-party content which can influence schema, import behavior, and downstream jobs.