quarto

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow includes code examples that fetch and ingest external, potentially untrusted content during render (e.g., the "Data Extraction" and "Complete Example: Reproducible Analysis" cells that call BigQuery/subprocess, lancer searches, and pd.read_csv('https://data.company.com/public/sales-2024.csv')), so the agent would read/interpret third‑party web/API data which can materially influence subsequent analysis and actions.