data-engineering

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill includes end-to-end RAG and embedding pipelines that read arbitrary documents from external sources (e.g., read_parquet/delta_scan on s3:// paths, ATTACH 'postgres://...' in catalogs/duckdb-multisource.md, LanceDB/pgvector ingestion in ai-ml/vector-databases.md and ai-ml/rag-pipelines.md) and then assembles the retrieved content into LLM prompt context and judgments. This ingests untrusted third‑party or user-provided content into the agent's runtime workflow and could enable indirect prompt injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 04:58 AM