tiledbvcf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs ingesting and reading VCF/BCF files and cloud datasets from public/untrusted sources (e.g., s3://, gcs://, azure://, tiledb:// and the example source="s3://my-bucket/vcf-files/" in the TileDB-Cloud section), so the agent will consume arbitrary third‑party user-generated files as part of its workflow which can materially influence subsequent reads/operations.