database-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs the agent to query and ingest raw JSON from many open/public third‑party APIs (e.g., PubChem, GEO, ClinicalTrials.gov, AlphaFold, etc. listed in references/) and to read and act on those results as part of its decision and query-selection process, so untrusted public content is consumed and can influence subsequent tool use.