datamol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill's I/O explicitly supports fetching remote, arbitrary URLs and cloud paths via fsspec (see references/io_module.md and examples like dm.read_csv("https://example.com/data.csv") and dm.read_sdf("s3://bucket/compounds.sdf")), so the agent can ingest untrusted third-party content (HTTP/S, S3, GCS) and is expected to read/interpret it in its workflows.