Skills
skills/swn94/claude-scientific-skills/clinvar-database/Snyk

clinvar-database

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user‑submitted ClinVar content (via the ClinVar web interface at https://www.ncbi.nlm.nih.gov/clinvar/, the E-utilities API at https://eutils.ncbi.nlm.nih.gov/entrez/eutils/, and FTP downloads from ftp://ftp.ncbi.nlm.nih.gov/pub/clinvar/), and instructs the agent to read/parse those XML/VCF/tab‑delimited records (which are third‑party/user‑generated), so the agent would consume untrusted external content that could carry indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 01:02 PM