flowerpower

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and pipeline code (SKILL.md and references) explicitly load and process external, user-controlled data — e.g., reading arbitrary S3 paths with fsspec in list_s3_files/read_s3_file and calling external HTTP APIs in fetch_external_api — which the agent is expected to ingest and which can materially influence pipeline logic and subsequent actions.