single-cell-downstream-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and ingesting public third‑party resources at runtime—e.g., cloning the CaDRReS-Sc GitHub repo and calling ov.utils.download_CaDRReS_model()/download_GDSC_data(), downloading GENCODE GTFs, SCENIC cisTarget databases (db_glob/motif_path), and pathway libraries (GO/KEGG)—which are untrusted public content used directly in the workflow and can materially influence analysis and tool execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires cloning and using the external repository (git clone https://github.com/CSB5/CaDRReS-Sc), which is fetched at runtime and then invoked via scriptpath in Drug_Response so remote code from that URL will be executed as a required dependency.