biopython

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md explicitly instructs using Bio.Entrez and Bio.Blast/NCBIWWW to fetch and parse records from public NCBI resources (GenBank, PubMed, BLAST results) which are untrusted third‑party content that the agent reads and uses to drive follow-up actions (e.g., selecting top BLAST hits and fetching sequences), so these external records could materially influence behavior.