tooluniverse-epigenomics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls external ToolUniverse annotation APIs (e.g., ensembl_lookup_gene, ensembl_get_regulatory_features, SCREEN_get_regulatory_elements, ChIPAtlas_get_experiments) in Phase 6 of SKILL.md to fetch public Ensembl/SCREEN/ChIPAtlas/ENCODE data, and those third-party responses are parsed and used to drive annotation and downstream analysis decisions, exposing the agent to untrusted public content that could carry indirect prompt-injection instructions.