data-specialist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's included reference docs (e.g., references/cursor_rules_crewai.md) explicitly show agents/tasks using web-search and scraping tools ("Scrape website A", SerperDevTool) and other refs (e.g., references/cursor_rules_duckdb.md) demonstrate reading external S3/parquet files, indicating the agent is expected to ingest untrusted public web/storage content that can influence subsequent decisions and tool use.