marimo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's APIs explicitly allow loading and rendering arbitrary remote, user-provided content (e.g., mo.sql queries from remote URLs like "https://example.com/data.csv", mo.latex(filename="https://example.com/macros.tex"), mo.image/mo.video/mo.pdf with URL sources, and mo.iframe/external HTML), so the agent can fetch and interpret untrusted third‑party content at runtime.