imaging-data-commons

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to query and ingest public IDC metadata and data from open third‑party sources (idc-index SQL queries, BigQuery datasets, DICOMweb public proxy, and public S3/GCS buckets — see "Core workflow", "Querying Metadata", "BigQuery Guide", "DICOMweb Guide", and "Cloud Storage Guide"), which are untrusted/public submissions and are read/interpreted to decide downloads, licenses, and next actions, so untrusted content can materially influence tool use.