quickstart-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.95). Step 2 fetches outsider-authored free text from Snowflake Quickstart markdown hosted in the public GitHub repo Snowflake-Labs/sfquickstarts (via web_fetch of the GitHub contents API and raw download_url markdown), which is then parsed and inserted into the agent’s LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs runtime fetches of Quickstart markdown and companion-repo files from GitHub (e.g., https://api.github.com/repos/Snowflake-Labs/sfquickstarts/contents/site/sfguides/src/ and the returned files' download_url, and may run git clone on companion repo URLs), and that fetched content directly controls the agent's plan and the code it will execute.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)