cosmos-dbt-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports loading a precomputed manifest.json from remote URIs (manifest_path / manifest_conn_id) and uses that manifest / dbt_project.yml meta to drive parsing and DAG/task generation (including per-node operator_kwargs), so untrusted/user-provided manifest content would be ingested and can materially change tool behavior.