portal-dataset-discovery

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Discovery Workflow explicitly instructs fetching and interpreting public third-party content — e.g., checking https://github.com/subsquid/sqd-portal/blob/master/resources/schemas.json and curling https://portal.sqd.dev/datasets/{dataset-name}/metadata — which the agent would read to determine dataset names and drive subsequent queries, exposing it to untrusted user-controlled web content.