byted-bytehouse-ai-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/text2sql.py) POST to an external Text2SQL API (built from BYTEHOUSE_HOST or a user-provided config.url) and stream/parse the remote response into SQL which is then executed, thus ingesting and acting on untrusted third‑party content from arbitrary URLs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill at runtime calls the external Text2SQL API endpoint (https://<BYTEHOUSE_HOST>/matrix/v1/conversation or a user-supplied config.url) via requests.post to stream back SQL text which is then parsed and executed by execute_sql.py, so the fetched remote content directly controls the agent's instructions/commands.