managing-data-catalogs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow includes connecting to and loading metadata/data from external REST/catalog endpoints and arbitrary URLs (e.g., RestCatalog(uri="https://api.tabular.io/ws/") and iceberg_scan('https://catalog.example.com/...') in rest-catalog.md and the ATTACH examples in duckdb-catalog.md), meaning the agent would ingest untrusted third‑party API/web content as part of normal operations and that content could materially influence subsequent catalog actions and queries.