data-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md clearly includes a Streamlit file upload handler and universal loader functions (load_data, extract_pdf_tables, extract_pptx_tables, extract_docx_text / parse_markdown_tables) that ingest arbitrary user-uploaded or external documents (PDF, PPTX, DOCX, Markdown, etc.) which the agent parses and uses to compute metrics and drive dashboard/chart actions, exposing it to untrusted third-party content that can influence behavior.