data-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The scripts (scripts/run_etl_pipeline.py) include an _extract_api method that calls requests.get(url) using a user-configurable source_config['url'] and then loads response.json() into a DataFrame, so the agent can fetch and directly read/interpret arbitrary external (untrusted) URLs/APIs as part of its workflow.