galaxy-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed API keys directly into commands and code (e.g., planemo command with --galaxy_user_key, curl -H 'x-api-key: '$API_KEY), and even states to "use full key in command," which requires the LLM to handle or output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflows use BioBlend and direct Galaxy API calls (e.g., gi.invocations.show_invocation, gi.jobs.show_job, gi.histories.show_history and curl examples against https://usegalaxy.org or other Galaxy servers) to fetch external, user-generated histories, invocation/job stderr and parameters and then interpret those fields to decide retries, reruns, and other actions, so untrusted third-party content can materially influence agent behavior.