ray-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill shows functions that load and process data from arbitrary cloud storage paths (e.g., read_parquet("s3://..."), read_json("gs://..."), read_images("s3://..."), read_csv("...")), meaning the agent can ingest user-provided/untrusted third-party data from public S3/GCS buckets as part of its workflow, which could enable indirect prompt injection.