csv-data-summarizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's analyze.py explicitly calls pd.read_csv on a user-supplied file path and the README/skill docs instruct users to "upload any CSV" to Claude.ai, so the agent will ingest and interpret arbitrary, untrusted user-provided third‑party CSV content as part of its workflow.