biomni

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — biomni automatically downloads and ingests ~11GB of public biomedical databases and literature (e.g., PubMed abstracts, Ensembl, NCBI, UniProt) and can use MCP servers for web search/custom APIs, and the agent explicitly retrieves and interprets that external content as part of its workflow, exposing it to untrusted third-party data that could enable indirect prompt injection.