biopython

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes an explicit example assigning Entrez.api_key in code (Entrez.api_key = "your_api_key_here"), which encourages embedding API keys directly in generated code or outputs and therefore can lead the LLM to handle or echo real secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse open/public third‑party data (e.g., NCBI via Bio.Entrez esearch/efetch in references/databases.md and Bio.Blast.NCBIWWW.qblast in references/blast.md, and PDB downloads via Bio.PDB.PDBList.retrieve_pdb_file in references/structure.md), which the agent is expected to read and act on (selecting hits, accessions, fetching sequences) so external, user-submitted/public content can materially influence subsequent tool use and decisions.