databricks-genie

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's migration workflow (spaces.md "Export, Import & Migration" and the agent workflow steps) requires exporting a serialized_space via migrate_genie(type="export"), reading and modifying that user-generated serialized_space (the .replace remapping example), and importing it back; the serialized_space contains instructions, example_question_sqls, SQL snippets and join specs that the agent consumes and which can directly change behavior, so it exposes the agent to untrusted third-party content.