marimo-notebook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests untrusted third-party content — e.g., scripts/convert_notebook.py accepts a GitHub URL for .ipynb conversion and references/advanced.md documents mo.sql queries against external sources like s3://bucket/file.parquet and mo.iframe(html_with_scripts) which cause the agent to read/execute remote HTML/scripts — any of which the agent is expected to read/interpret and could materially change behavior.