databricks-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's installation and platform-support instructions explicitly tell the agent to "Read https://raw.githubusercontent.com/lucaswhch/awesome-skills/main/skills/enterprise/databricks/databricks-engineer/SKILL.md" (a public GitHub raw URL), meaning the agent will fetch and apply public third‑party content that can directly change its prompts or behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs agents at install/runtime to "Read https://raw.githubusercontent.com/lucaswhch/awesome-skills/main/skills/enterprise/databricks/databricks-engineer/SKILL.md and apply databricks-engineer skill", which means it fetches remote raw GitHub content at runtime that would be injected into/replace agent prompts (thus directly controlling instructions).