ena-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse public, user-submitted ENA content (via the ENA Portal API, Browser API, Taxonomy REST API, and FTP/enaBrowserTools as described in SKILL.md and references/api_reference.md) and to act on that data (extract file URLs, metadata, and drive downloads/analysis), so untrusted third-party content can directly influence tool use and next actions.