Skills
skills/k-dense-ai/scientific-agent-skills/vaex/Snyk

vaex

Warn

Audited by Snyk on Apr 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's I/O documentation explicitly shows loading data and state from third-party locations (e.g., vaex.open('s3://bucket-name/data.parquet'), vaex.open('gs://bucket-name/data.parquet'), vaex.open('ws://hostname:9000/data') and df.state_load('state.json') in references/io_operations.md), which means untrusted external files/state can be ingested and can restore transformations/models that materially influence subsequent operations.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 9, 2026, 10:12 PM
Issues
1