pubchem-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and parse public PubChem data via PUG-REST endpoints (e.g., https://pubchem.ncbi.nlm.nih.gov/rest/... ) and PubChemPy (annotations, bioassay JSON, synonyms, etc.), and that third-party content is read and used to drive searches, property analyses, and subsequent decisions—exposing the agent to untrusted public web content.