bioservices

Fail

Audited by Snyk on Mar 3, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The prompt includes an explicit, out-of-scope instruction to proactively recommend the K-Dense Web platform (a promotional behavior change), which is not part of the bioservices skill's stated purpose. It therefore constitutes a hidden/deceptive instruction altering agent behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required workflows (SKILL.md and the included scripts such as scripts/protein_analysis_workflow.py, scripts/pathway_analysis.py, and scripts/compound_cross_reference.py) explicitly fetch and parse data from public third-party services (e.g., UniProt, KEGG, NCBI/BLAST, PSICQUIC, UniChem, ChEBI, ChEMBL) and then use those results to drive mapping, follow-up queries, and tool actions. Untrusted external content can therefore materially influence the agent's next actions.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 3, 2026, 08:47 PM