geo-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md (and references/geo_reference.md) explicitly instructs the agent to fetch and parse public, user-submitted GEO content (via Entrez/E-utilities, GEOparse.get_GEO, and FTP downloads from ftp.ncbi.nlm.nih.gov), and to read metadata/SOFT/MINiML/series matrix files which are then used to select samples, group comparisons, and drive analysis/processing decisions, so untrusted third-party content can materially influence agent behavior.