biomedical-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for their Valyu API key and to run commands like scripts/search setup <api-key> (and shows embedding the key in example code), which requires the LLM to receive and output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states the tool uses Valyu semantic search to return full-text content from public sources (PubMed, bioRxiv, medRxiv, ClinicalTrials.gov, FDA drug labels) and shows example flows that ingest and act on those results, so the agent consumes untrusted third‑party content that could influence subsequent decisions.