astropy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to access and ingest public remote content (e.g., SKILL.md / FITS section: "Access remote FITS files (S3, HTTP)" and references/coordinates.md: "SkyCoord.from_name (requires internet)" and uses download_file examples), so it will read untrusted third‑party data (HTTP/S3 URLs, online catalogs) that can influence downstream processing and actions.