cellxgene-census-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly opens and queries the public CZ CELLxGENE Census (e.g., cellxgene_census.open_soma and calls like census["census_info"]["datasets"].read(), cellxgene_census.get_obs, and axis_query on census["census_data"]["homo_sapiens"]) to ingest dataset metadata and user-contributed expression data from an external/public source, which the agent reads and uses to drive filtering, analysis, and downstream actions—thus exposing it to untrusted third-party content that could influence behavior.