code-exec-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md files explicitly instruct fetching and ingesting public, user-generated content (e.g., kaggle-api-guide/SKILL.md shows "kaggle datasets download" and "kaggle kernels pull" and reading dataset descriptions, and google-colab-guide/SKILL.md shows wget/arbitrary-URL downloads and Hugging Face load_dataset), meaning the agent workflow involves reading third‑party web content/notebooks that could contain instructions influencing subsequent tool use.