datahub-connector-planning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required Step 2 (Research the Source System) explicitly instructs the agent to perform WebSearch/WebFetch against public sources (e.g., PyPI, Docker Hub, API documentation, arbitrary web pages) and to read those findings to drive classification, architecture decisions, and config design, which exposes the agent to untrusted third‑party content that can materially influence subsequent actions.