data-engineering-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's ETL templates and examples explicitly ingest external, potentially untrusted data — e.g., DataPipeline.extract accepts s3:// paths and read_parquet(source), patterns/incremental.md shows consuming Debezium Kafka topics, and examples use requests.get to fetch APIs — meaning the agent would read and process arbitrary third‑party content as part of its workflow.