rstack-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly fetches and parses public listing and schema endpoints on resolved.sh (e.g., curl to https://resolved.sh/listing/$RESOLVED_SH_RESOURCE_ID/data and https://{subdomain}.resolved.sh/data/{filename}/schema), which return user-uploaded dataset schemas/descriptions that the agent must read and use to generate queries, pricing, and update commands—so untrusted third-party content can materially influence its actions.