astropy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states the skill can access remote FITS files via S3/HTTP (FITS File Handling) and query named objects from online databases (Coordinates), meaning the agent will fetch and interpret untrusted public web-hosted data that can materially influence analyses and subsequent actions.