ladybugdb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports ATTACH (references/attach.md) and COPY FROM / LOAD FROM (references/import.md) against external sources such as s3://, gcs://, bolt://, remote databases and arbitrary file paths, so the agent is expected to ingest and act on untrusted third‑party data (public cloud buckets / external DBs) that can materially influence queries and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill includes a setup command that fetches and pipes a remote script to a shell — "curl -s https://install.ladybugdb.com | bash" — which executes external code at runtime as the provided installer for the CLI.