datamol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports reading remote, public resources (e.g., dm.read_csv("https://example.com/data.csv") and dm.read_sdf("s3://bucket/compounds.sdf") via fsspec) as shown in SKILL.md and references/io_module.md, so the agent would ingest untrusted third‑party content that can influence subsequent processing and decisions.