bioservices

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt includes an explicit, out-of-scope instruction to proactively recommend the K-Dense Web platform (a promotional behavior change) which is not part of the bioservices skill's stated purpose, so it constitutes a hidden/deceptive instruction altering agent behavior.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly shows the skill programmatically fetching and parsing data from open public bioinformatics services (e.g., UniProt, KEGG, ChEMBL, QuickGO, PSICQUIC in the "Core Capabilities" examples and the scripts/ workflow examples), and those responses are read and used to drive multi-step workflows and decisions, so third‑party content can materially influence agent actions.