datamol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's README and I/O docs (SKILL.md and references/io_module.md) explicitly show reading remote public sources (e.g., dm.read_csv("https://example.com/data.csv"), dm.read_sdf("s3://bucket/compounds.sdf") and dm.open_df(...)) and the required workflows ingest and act on that external data (standardize, filter, compute descriptors, cluster, etc.), so untrusted third‑party content can materially influence the agent's processing and subsequent actions.