data-visualization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The required runtime workflow uses belt app run infsh/python-executor --input '{ "code": ... }', where the code field is free-form text supplied at runtime and becomes LLM-readable context for execution, so any outsider-provided code would be ingested (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires and uses the inference.sh CLI (https://inference.sh) at runtime — e.g., commands like belt app run infsh/python-executor send and execute arbitrary Python code remotely — so it relies on an external service that executes code.