csv-data-summarizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests user-supplied CSVs (SKILL.md / README instructs "Upload any CSV file") and analyze.py calls pandas.read_csv(file_path) to read and interpret that untrusted, user-provided tabular content as part of its automatic analysis, so maliciously crafted CSV data could perform indirect prompt-injection via the analyzed output.