brenda-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill dynamically fetches and parses data from the public BRENDA SOAP API (e.g., https://www.brenda-enzymes.org/soap/brenda_zeep.wsdl) as shown in SKILL.md and scripts/brenda_queries.py (calls to get_km_values/get_reactions and parsing of commentary fields), and that external, public content is directly read and used to drive enzyme selection, pathway building, and other decision-making—exposing the agent to untrusted third‑party content that could inject instructions indirectly.