data-engineering-storage-remote-access-libraries-pyarrow-fs

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt's examples explicitly show passing access_key/secret_key/session_token and client_secret values directly as string arguments (with realistic-looking placeholders), which encourages embedding secrets verbatim in generated code or commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill directly reads and processes external cloud storage (e.g., S3 via FileSystem.from_uri("s3://..."), s3_fs.open_input_stream, GCS URIs, and the AzureBlobFileSystem wrapped via fsspec), which can point to arbitrary/untrusted third-party content that the agent will ingest and interpret.