data-engineering-storage-remote-access-libraries-fsspec

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill demonstrates reading and opening arbitrary third-party resources (e.g., s3_fs.open('s3://my-bucket/...'), fsspec.open("simplecache::gzip::https://example.com/data.csv.gz") and pd.read_csv on remote files), which means the agent could ingest untrusted user-generated or public web content (S3/GCS/HTTP) as part of its workflow.