gget

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and parameters that instruct passing sensitive credentials (e.g., OpenAI api_key and COSMIC --email/--password) directly as command-line arguments or function arguments, which requires the LLM to embed secret values verbatim in generated commands/code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The gget skill explicitly fetches and ingests live data from public third‑party databases (e.g., Ensembl/UniProt/NCBI via gget.search, gget.info, gget.seq; ARCHS4 and cellxgene; cBioPortal/cosmic/Enrichr) and the documented workflows show the agent reading those results and using them to drive subsequent tool calls and decisions (see Workflow 1, 3, and module docs), so untrusted external content can materially influence actions.