databricks-dbsql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly includes runtime ingestion of external, potentially untrusted content via http_request (external HTTP connections to arbitrary hosts), read_files (s3://, gs://, /Volumes paths and glob patterns), and remote_query (federated queries to external databases), and then shows AI functions (ai_query, ai_parse_document, ai_extract, etc.) that read and interpret that content as part of processing, which clearly enables indirect prompt injection from third-party/user-generated sources.