datamol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references/io_module.md explicitly show reading arbitrary remote files via fsspec/HTTP/S3/GCS (e.g., dm.read_csv("https://example.com/data.csv"), dm.read_sdf("s3://bucket/compounds.sdf"), dm.open_df(...)) and then programmatically processing that untrusted, user-provided content (standardization, descriptor computation, reaction application), so third-party data can directly influence tool actions and decisions.