zarr-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes examples that open and read Zarr data from cloud object stores (e.g., s3fs S3Map root='s3://my-bucket/...', gcsfs GCSMap) and shows code that loads/inspects array contents (z_read[...] / zarr.open_consolidated), so the agent would ingest arbitrary, potentially user-generated data from third‑party cloud storage (and also links to external docs/community pages).