tooluniverse-expression-data-retrieval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, submitter-provided content from ArrayExpress and BioStudies (e.g., tu.tools.arrayexpress_search_experiments, arrayexpress_get_experiment_details, biostudies_search_studies, biostudies_get_study_details) and requires the agent to read that metadata and files to drive dataset selection, quality assessments, and recommendations, so untrusted third-party content can materially influence behavior.