ray

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows runtime code that ingests untrusted external content—e.g., serve_model.py's SentimentService reads and classifies arbitrary HTTP request JSON bodies, and ray_data.py reads datasets from external S3 URLs—so third‑party input can be interpreted and influence behavior.