explore

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to attach and query shared databases (e.g., "ATTACH '<share_url>' AS shared_db" and listing MD_INFORMATION_SCHEMA.SHARED_WITH_ME) and to preview rows and read table/column comments (references/EXPLORATION_PLAYBOOK.md), which causes the agent to ingest untrusted, user-shared third-party data that can materially influence subsequent queries and actions.