anndata

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports reading data from arbitrary URLs and cloud storage (see references/io_operations.md: read_h5ad(url, backed='r'), fsspec.get_mapper('s3://...') / remote Zarr access, and the urllib.request.urlretrieve example), so the agent will fetch and parse untrusted third‑party files that could contain adversarial instructions embedded in user-provided data.