tooluniverse-single-cell

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries public third‑party databases (e.g., OmniPath / CellPhoneDB / CellChatDB, GEO, SRA, PubMed) via ToolUniverse (see "ToolUniverse Integration" in SKILL.md and the references/cell_communication.md examples calling OmniPath_get_ligand_receptor_interactions, OmniPath_get_signaling_interactions, PubMed_search_articles), ingests those results at runtime, and uses them to filter/score ligand‑receptor interactions and drive downstream analysis and reporting—so untrusted external content is read and can materially influence tool actions.