observable-framework-sql

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs registering tables from externally-hosted full URLs (e.g., "To load externally-hosted data, use a full URL" with an earthquake.usgs.gov CSV example) and notes tables can be registered dynamically via user input, meaning the agent will fetch and run SQL over arbitrary third‑party data as part of its workflow.