tooluniverse-pharmacogenomics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls public third-party APIs (e.g., CPIC via CPIC_get_recommendations which auto-resolves to the CPIC /drug endpoint, PharmGKB_search_variants/PharmGKB_get_clinical_annotations, fda_pharmacogenomic_biomarkers, EpiGraphDB, DGIdb, OpenTargets, FAERS, etc.), requires the agent to read and interpret those external results as part of its mandatory workflow (Phase 1–5) and uses them to produce clinical recommendations and follow-up actions, so untrusted public content could materially influence tool behavior.