data-import

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses data from arbitrary Google Sheets URLs ("Read and parse source data" — "fetch from Google Sheets via the Google Sheets MCP" in Process step 2), treating that untrusted, user-provided sheet content as input for field mapping, validation, and automated batched writes, so third-party content could materially influence mapping/decisions and subsequent actions.