ingesting-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill contains numerous examples and templates that fetch and parse external, potentially user-generated content (e.g., the dlt GitHub example requests.get("https://api.github.com/repos/{repo}/issues"), generic API polling templates using api_base_url "https://api.example.com/items", S3/GCS reads in cloud-storage.md, and webhook handlers that parse incoming event JSON), so the agent will read and interpret untrusted third‑party content as part of its workflow.