cellxgene-census

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (medium risk: 0.65). The skill's runtime workflow (e.g., SKILL.md examples that read census["census_info"]["datasets"].read().concat().to_pandas(), cellxgene_census.get_obs/get_var, and related metadata queries) programmatically ingests public CELLxGENE Discover datasets and contributor metadata (user-generated, public) which the agent is expected to read and use to drive queries/analysis, so untrusted third-party content could indirectly influence actions.