biopython

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes explicit examples that set Entrez.api_key = "your_api_key_here" and advises using API keys for NCBI rate limits, which encourages embedding secret values directly in generated code/outputs and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs using Bio.Entrez and Bio.Blast to fetch and parse records from public NCBI resources (GenBank, PubMed) and NCBI web BLAST results (see the Database Access and BLAST examples), which the agent reads and uses to drive subsequent fetching/processing, exposing it to untrusted third‑party content that can influence actions.