dataset-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill (scripts/dataset.py and SKILL.md) explicitly searches and downloads data from public, user-contributed sources (Kaggle, Hugging Face, UCI via requests/BeautifulSoup, Data.gov) and then reads/previews those datasets and metadata as part of its workflows (preview, datacard generation, download/selection), meaning untrusted third-party content is ingested and can materially influence subsequent tool actions.