marimo-notebooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation and workflows show the agent will load and act on external, user-provided content — e.g., SKILL.md/references/advanced.md documents mo.sql queries against external sources like s3://... and read_csv(...), mo.iframe(html_with_scripts) which executes remote HTML/scripts, and scripts/convert_notebook.py explicitly accepts GitHub URLs for conversion — all of which permit ingesting untrusted third‑party content that can influence execution and subsequent actions.