astropy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly shows fetching and ingesting arbitrary public resources (e.g., remote FITS via s3/HTTP in references/fits.md, SkyCoord.from_name lookups in references/coordinates.md, and astropy.utils.data.download_file in references/wcs_and_other_modules.md), so the agent will read/interpret untrusted third‑party content.