convert-file

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly accepts remote inputs (e.g., "For remote inputs (s3://, https://, etc.)" and instructs DuckDB to COPY FROM those paths), so the agent will fetch and ingest untrusted public URLs/S3 content as part of its conversion workflow, which could allow indirect prompt injection via the fetched content.