anndata-data-structure

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to load external dataset files and cloud Zarr stores (e.g., SKILL.md Core API I/O examples like ad.read_h5ad("data.h5ad"), the batch-file glob in Workflow 2, and references/data_structure_io.md "Zarr Advanced Patterns" showing s3:// and gs:// stores), and those workflows consume and act on metadata (adata.obs, adata.uns["neighbors"]["params"]) to drive filtering and processing, so untrusted third‑party files could indirectly inject instructions that change agent behavior.