plotly

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes code that explicitly fetches and parses public CSVs from GitHub (e.g., pd.read_csv('https://raw.githubusercontent.com/plotly/datasets/master/api_docs/mt_bruno_elevation.csv') and pd.read_csv('https://raw.githubusercontent.com/plotly/datasets/master/finance-charts-apple.csv')), so it ingests untrusted third-party content the agent would read/interpret.