tooluniverse-clinical-guidelines
Warn
Audited by Snyk on Feb 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's mandatory workflow (SKILL.md Phases 1–3) instructs the agent to query and retrieve guideline content from public third-party sites (e.g., NICE_Clinical_Guidelines_Search, GIN_Guidelines_Search, TRIP_Database_Guidelines_Search, WHO_Guidelines_Search, PubMed/EuropePMC, NCCN_get_patient_guideline, CPIC tools), then to read and synthesize those external pages into decisions. The agent therefore ingests open, public third-party content that can influence its actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches external guideline text at runtime and injects it into the agent's context (e.g., NCCN_get_patient_guideline will fetch the URL https://www.nccn.org/patientresources/patient-resources/guidelines-for-patients/guidelines-for-patients-details?patientGuidelineId=61), which directly controls prompts/responses and is a required dependency for full-text retrieval.