tooluniverse-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and ingests content from public third‑party sources (e.g., PubMed_search_articles, UniProt_get_entry_by_accession, ChEMBL_search_molecule_by_target, OpenTargets_get_associated_targets_by_disease_efoId) as shown in SKILL.md/REFERENCE.md, and those results are parsed/summarized and used to drive subsequent tool calls and workflow decisions, exposing the agent to untrusted public web content that could contain malicious instructions.