uspto-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and processes public USPTO data (e.g., PatentSearch API at https://search.patentsview.org/api/v1/, PEDS, TSDR and Assignment APIs) as shown in SKILL.md and the provided scripts (scripts/patent_search.py, scripts/peds_client.py, scripts/trademark_client.py), and it expects the agent to read and act on that untrusted public text (patent abstracts, office actions, assignment records) as part of its workflow, so those third‑party contents could materially influence tool use or decisions.