vaex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to open and ingest arbitrary third‑party data and remote resources (e.g., references/io_operations.md shows df = vaex.open('s3://bucket-name/data.parquet') and remote server usage df = vaex.open('ws://hostname:9000/data'), and it also loads state files via df.state_load('state.json')), so untrusted/user-provided files or state definitions can be fetched and can materially change processing, pipelines, or models used by the agent.