spark-python-data-source

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's implementation patterns and usage instructions explicitly fetch and ingest data from arbitrary external URLs (e.g., the Implementation Pattern shows YourReader.read calling requests.get(f"{self.url}?start=...") and writers posting to self.url, and the SKILL.md usage shows spark.read.format(...).option("url", "...").load()), which clearly allows untrusted public API/web content to be read and influence runtime behavior.