datapackage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to download and parse remote datapackage.json descriptors and to read data files over HTTPS/S3 (see SKILL.md "Locate the descriptor" and the references/storage-backends.md and references/metadata-querying.md examples such as read_parquet('https://...') and frictionless validate https://...), so it ingests arbitrary third-party dataset metadata and files that can influence which queries and tool actions are taken.