data-pipelines

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs ingesting from external third-party sources (e.g., dlt's rest_api_source with arbitrary base_url and DuckDB examples reading 's3://bucket/path/*.parquet' and CSV files), so the agent is expected to fetch and interpret untrusted public content during ingestion which can influence downstream pipeline actions.