phenosnap-phenotype-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required bootstrap and runtime steps (SKILL.md §2B/3/6) explicitly clone or download PhenoSnap from the public GitHub URL (https://github.com/WGLab/PhenoSnap or its main.zip) and then import/run extract_phenotypes.py, so untrusted third-party code/content from the open web is fetched and executed as part of the workflow and can therefore influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly fetches and runs remote code at runtime—e.g., git clone https://github.com/WGLab/PhenoSnap.git (or downloading https://github.com/WGLab/PhenoSnap/archive/refs/heads/main.zip) and optionally executing https://bootstrap.pypa.io/get-pip.py—so those URLs supply required code that will be executed locally.