imaging-data-commons

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly instructs the agent to query and ingest public, third‑party IDC content (e.g., via idc-index client.sql_query() and downloads, public BigQuery datasets like bigquery-public-data.idc_current, the IDC public DICOMweb proxy, and public S3/GCS URLs) — including external/submitter clinical tables and annotations — and uses those results to drive downloads, viewer URLs, license checks, and downstream actions, so untrusted third‑party data can materially influence tool use.