astropy-astronomy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill documentation and reference workflows explicitly show fetching and ingesting open web/S3 resources (e.g., references/auxiliary_modules.md: download_file('https://example.com/data.fits'), references/data_io_guide.md: fits.open('s3://bucket/data.fits'), and references/coordinates_time_cosmology.md: SkyCoord.from_name('M31') "requires internet"), which means the agent can read untrusted third‑party content (FITS/tables/headers/name resolver results) that would be interpreted and could change subsequent processing/decisions.