tooluniverse-metabolomics-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and acts on external public database content—e.g., "Match features to HMDB, KEGG" in SKILL.md (Phase 1 and Phase 6) and code_examples that call tu.run_one_function for "hmdb_search_by_mass", "kegg_find_compound", and "kegg_enrich_pathway"—and those third‑party results are read and used to drive identification, enrichment, and downstream decisions, exposing the agent to untrusted external content that could carry indirect prompt injection.