ray-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to ingest data from arbitrary external cloud storage (e.g., ray.data.read_parquet("s3://bucket/..."), read_json("gs://bucket/..."), read_images("s3://...") and streaming from "s3://huge-dataset/"), meaning untrusted third‑party content would be read and acted on (transforms/inference), which could enable indirect prompt injection.