hypogenic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted third-party content — e.g., cloning public GitHub datasets and processing user/third‑party PDFs placed in literature/YOUR_TASK_NAME/raw/ (see the "git clone" commands and Literature Processing / HypoRefine steps) — and instructs the agent/LLM to read and generate/refine hypotheses from that content, which can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs runtime git clones of external repositories—e.g., https://github.com/ChicagoHAI/HypoGeniC-datasets.git and https://github.com/ChicagoHAI/Hypothesis-agent-datasets.git—whose fetched config files and prompt templates are then used by the tool (and the pip-installed package https://pypi.org/project/hypogenic/ provides code that is executed), so remote content can directly control prompts or execute code at runtime.