dataset-evaluation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly accepts S3 URIs in SKILL.md ("The full path may be a local file path, or an S3 URI") and the included scripts/format_detector.py contains _sample_s3_file which reads and parses the first megabyte of arbitrary S3 objects, so the agent will ingest untrusted third‑party (user-provided/public S3) content and use that parsed content to decide format/validation and next actions.