marimo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's API documentation explicitly shows runtime ingestion of arbitrary public URLs (e.g., references/markdown.md: mo.latex(filename="https://example.com/macros.tex"), references/media.md: mo.image/mo.pdf/mo.video with https sources, and references/sql.md: mo.sql reading 'https://...' files), so the agent can fetch and interpret untrusted third‑party content that can materially influence notebook execution and subsequent actions.