gget

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and parameters that instruct passing sensitive credentials (e.g., OpenAI api_key and COSMIC --email/--password) directly as command-line arguments or function arguments, which requires the LLM to embed secret values verbatim in generated commands/code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries and ingests open/public third-party databases (e.g., Ensembl/Ensembl FTP, NCBI/BLAST, UniProt, RCSB PDB, ARCHS4, cBioPortal, COSMIC, OpenTargets) as shown in SKILL.md workflows and references and the provided scripts (e.g., scripts/batch_sequence_analysis.py and workflows) where BLAST/search/pdb results are parsed and used to decide follow-up actions (downloading PDBs, running AlphaFold), so untrusted external content can directly influence the agent's tool use and next actions.