atmos-schemas

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill’s docs and workflow explicitly allow using remote schemas/URLs (e.g., schemas.atmos.manifest in atmos.yaml, the --schemas-atmos-manifest https://... CLI option, and the !import https://example.com/schema.json example) so the runtime validation step can fetch and consume arbitrary public third-party schema files that can materially change validation/behavior.