spice-connect-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly allows ingesting data from untrusted public sources—e.g., the github:github.com/.../issues connector and HTTP/HTTPS, S3, FTP/SFTP, and document file connectors that produce content columns—so the agent will read and act on third-party user-generated content that can influence queries and actions.