rilldata
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The agent's required workflow (see runtime/ai/instructions/data/development.md in AGENTS.md) explicitly instructs it to use connector introspection and query tools such as list_buckets, list_bucket_files and query_sql to discover and load data from public HTTP/S and object-store connectors (e.g., S3, GCS, HTTPS). As a result, the agent will fetch and interpret untrusted third-party content that can influence subsequent modeling and actions.