knowledge-catalog-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The required workflow invokes the prebuilt dataplex tool (npx ... invoke <toolName> ...), which at runtime retrieves Catalog metadata for user-specified entries/resources; that returned metadata is outsider-authored free text from the Dataplex/Catalog system (not authored by the operating user) and is fed into the agent’s LLM context via the tool’s response.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The scripts invoke npx to fetch and run the remote npm package @toolbox-sdk/server@1.1.0 at runtime (see the npx command "npx ... @toolbox-sdk/server@1.1.0"), which downloads and executes remote code that the skill depends on.