zarr-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes examples that open and read Zarr stores from cloud object storage (e.g., S3 via s3fs and GCS via gcsfs) and reads array data and JSON attributes/metadata, which are arbitrary third‑party/user-provided content the agent would ingest and could contain indirect prompt-injection payloads.