data-engineering-storage-remote-access-integrations-pandas

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly recommends passing key= and secret= directly to fsspec.filesystem(), which encourages embedding secrets verbatim in generated code/outputs even though no actual secret values are shown.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's examples (e.g., the "Auto-Detection" and "Explicit Filesystem" sections showing pd.read_csv("s3://bucket/data.csv"), pd.read_json("gs://bucket/data.json"), and fs.open(...) ) explicitly fetch and parse data from arbitrary cloud URIs (S3/GCS/Azure), which are untrusted third‑party sources and would be read/interpreted by the agent.