gget

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and parameters that instruct passing sensitive credentials (e.g., OpenAI api_key and COSMIC --email/--password) directly as command-line arguments or function arguments, which requires the LLM to embed secret values verbatim in generated commands/code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The gget skill routinely fetches and ingests data from open public third‑party sources (e.g., ARCHS4, CZ CELLxGENE Discover, cBioPortal, Ensembl/UniProt/NCBI/BLAST databases, COSMIC downloads), including user‑submitted or aggregated public datasets, and the agent is expected to read and interpret those results as part of its workflows, so it can be exposed to untrusted external content that could carry indirect prompt‑injection vectors.