tooluniverse-clinical-trial-matching

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and parses untrusted, public third-party content—notably ClinicalTrials.gov eligibility text and trial descriptions (via search_clinical_trials and get_clinical_trial_eligibility_criteria) as well as PubMed/CIViC/OpenTargets drug and evidence data—and the required workflow and MATCHING_ALGORITHMS.md show the agent reads and interprets that content to drive scoring, matching decisions, and next-step recommendations, creating a clear avenue for indirect prompt-injection from web-sourced, user-generated or public data.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 11:41 PM
Issues: 1