astropy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly permits accessing remote FITS files over HTTP/S3 ("FITS File Handling" -> "Access remote FITS files (S3, HTTP)") and querying named objects from online databases ("Coordinate Systems" -> "Query named objects from online databases"), so the agent may fetch and parse arbitrary public web or database content that could contain untrusted, user-generated data.