vgp-pipeline
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and DATA_INTEGRATION.md explicitly instruct the agent to fetch and parse content from public third-party sources (e.g., raw GitHub .ga files via https://raw.githubusercontent.com/, Dockstore API endpoints, GenomeArk S3 URLs like https://genomeark.s3.amazonaws.com/ and s3://genomeark/ via aws s3 cp, and NCBI eutils). That external, untrusted content is read and used to determine workflow versions, inputs, and decision logic, which meets the criteria for indirect prompt injection risk.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).