generate-validation-notebook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from public GitHub PRs and repo files via gh pr view, gh api repos/.../contents/...?ref=<head_sha> and similar commands (see Phase 1 and the MC Bridge README fetch), and the agent parses diffs, model SQL, and dbt_project.yml to decide schema, changed fields, and which validation queries to generate—so untrusted, user-generated third-party content can directly influence tool behavior and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs GitHub CLI commands at runtime that fetch repo files (e.g. gh api repos///contents/<file_path>?ref=<head_sha>) and explicitly fetches the mc-bridge README (gh api repos/monte-carlo-data/mc-bridge/readme | base64 --decode) which are required runtime fetches whose contents are injected into the agent's output/instructions (setup/how-to excerpts and notebook content), so this external content directly controls what the agent presents to the user.