xarray

Warn

Audited by Snyk on Mar 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's docs and code explicitly instruct the agent to open and ingest external datasets: for example, SKILL.md and scripts/climate_analysis.py use xr.open_dataset/open_mfdataset, and the I/O reference (references/io_formats.md) shows reading Zarr from public cloud stores with s3fs.S3Map and gcsfs examples. As a result, untrusted public data (S3/GCS/public NetCDF/Zarr files and their metadata/variables) is consumed and can influence analysis/variable selection.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 8, 2026, 07:41 AM