galaxy-workflow-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs fetching and ingesting public third-party content (e.g., curl to a Galaxy invocation API URL "https://galaxy.server.org/api/invocations/$INVOCATION_ID", using Zenodo file URLs like "https://zenodo.org/records/.../files/...", and curl to raw GitHub content "https://raw.githubusercontent.com/...") and then parsing those responses to extract parameters and drive test generation, so untrusted external content can directly influence agent decisions and actions.