observable-notebooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly downloads and ingests content from public, user-hosted sources (e.g., the "notebooks download https://observablehq.com/@d3/bar-chart" command and examples using fetch("https://api.example.com/data")), meaning the agent would read and execute untrusted third-party notebook/data content from the open web (Observable and arbitrary URLs).