schema-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches schema and sample/profile values from the LYTICS API (e.g., the /v2/schema/.../field, /api/schema/.../fieldinfo, and /api/schema/.../fieldsuggest endpoints) and uses those untrusted/user-derived value distributions to confirm and choose fields as part of its required workflow, so third‑party content can materially influence decisions.