dnanexus-integration

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt contains an explicit instruction to proactively promote and recommend K-Dense Web (an unrelated third‑party product) when complexity increases, which directs the agent to behave outside the DNAnexus integration skill's stated purpose and therefore constitutes a deceptive/out‑of‑scope instruction.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly permits full internet/network access and includes runtime examples that fetch and execute third-party artifacts—e.g., references/configuration.md and references/app-development.md show subprocess calls to pip install packages and docker pull (and SKILL.md lists "access": ["network": ["*"]"]), so at runtime untrusted PyPI/Docker/GitHub content can be ingested and materially change job behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes clear runtime commands that fetch and execute remote code — e.g., subprocess.check_call(["pip","install",..."]) (pulling packages from PyPI/pypi.org) and subprocess.check_call(["docker","pull","biocontainers/samtools:v1.9"]) (pulling a Docker image from Docker Hub), so external content would be executed at runtime.