load-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required ingestion workflows (references/INGESTION_PATTERNS.md and SKILL.md) instruct the agent to read remote files from untrusted public sources (e.g., read_parquet('s3://public-bucket/...') and read_parquet('https://data.example.com/public/data.parquet')), which the agent will parse and act on as part of its load/validate/promote workflow, allowing third-party content to influence subsequent actions.