dashboard-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILLs explicitly show loading data from arbitrary URLs and sources (e.g., dashboard-pandas: pd.read_csv('https://example.com/data.csv') and dashboard-core's load_data(source) which calls pd.read_csv(source)), so the agent is expected to ingest untrusted public web/user-provided content that can materially influence data processing and app behavior.