csv-processor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests untrusted, user-provided CSV content — e.g., frontend parseContractorCsv(file: File) with PapaParse and the backend import_contractors UploadFile/csv reader and stream_csv_rows in SKILL.md — and parses/validates those rows (with implied database insertion), so third-party CSV data can materially influence actions.