spice-text-to-sql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to introspect datasets and include sampled rows and distinct column values (e.g., "SELECT * FROM my_table LIMIT 3", per-column DISTINCT sampling and the example reviews dataset from postgres/S3/federated connectors) into the LLM prompt, which means untrusted/user-generated third-party content from those data sources is fetched and can directly influence prompt construction and subsequent SQL/tool actions.