claude-scientific-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md and docs/examples.md explicitly instruct the agent to query and ingest content from public third‑party databases and websites (e.g., ChEMBL, PubMed, AlphaFold DB, PubChem, ClinicalTrials.gov, COSMIC, ENA, ZINC, OpenAlex) and to read/interpret those results to drive analyses and follow-up actions, which exposes the agent to untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The README explicitly directs MCP-compatible clients to use the hosted MCP server at https://mcp.k-dense.ai/claude-scientific-skills/mcp during runtime to load the skills, which means remote content from that URL can deliver/modify skill behavior and thus directly control agent instructions at runtime.