string-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's helper code (scripts/string_api.py) and SKILL.md explicitly call the public STRING API (https://string-db.org) to fetch TSV/JSON/PNG results which the agent is expected to parse and act on (e.g., enrichment filtering, network expansion), so untrusted third‑party content from the open web can directly influence subsequent analysis and actions.