datamol

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows reading from remote, public sources (e.g., "Remote file support (S3, GCS, HTTP)" and examples like dm.read_csv("https://example.com/data.csv") and dm.read_sdf("s3://bucket/compounds.sdf")), which ingests untrusted third-party content as part of the documented pipelines and that data can materially influence downstream processing and decisions (filtering, clustering, model training), so it exposes the agent to indirect prompt-injection risk.