data-engineering-storage-remote-access

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill contains code that directly lists, opens, and reads files from arbitrary cloud and web backends (e.g., fsspec/pyarrow.fs/obstore calls like s3_fs.open('s3://bucket/...'), fsspec.open("simplecache::s3://..."), s3_fs.find(), obs.get()/obs.list(), and HTTP/FTP backends), meaning the agent will ingest and process untrusted third-party content from S3/GCS/Azure/HTTP sources which could carry indirect prompt injection.