anndata

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and read data from arbitrary remote URLs and stores (see references/io_operations.md "Download from URL" with ad.read_h5ad(url, backed='r') and urllib.request.urlretrieve, and "Remote Zarr access" using fsspec.get_mapper('s3://...') or 'https://...'), which means it ingests untrusted public third‑party content that can materially influence subsequent tool use and decisions.