raydata

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads and processes external data from S3 (e.g., ds = ray.data.read_parquet("s3://bucket/...") and ds = ray.data.read_images("s3://bucket/images/")) and feeds that data into LLM/image-to-text processors (e.g., LLMPredictor/vLLM and QwenVLAnalyzer), so untrusted/user-provided third-party content is ingested and interpreted as part of the workflow.