imaging-data-commons
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill programmatically queries and ingests public, user-accessible third-party content (e.g., IDC public cloud storage S3/GCS URLs like s3://idc-open-data, the IDC public DICOMweb proxy, and bigquery-public-data.idc_* datasets), and it also accepts user-provided manifests and URLs. The agent is expected to read and interpret that metadata and file contents as part of its workflow, which creates clear exposure to untrusted external content that could carry indirect prompt-injection payloads.