biomedical-search

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for their Valyu API key and to run commands like scripts/search setup <api-key> (and shows embedding the key in example code), which requires the LLM to receive and output secret values verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill uses Valyu's semantic search to fetch and return full-text content from public third-party sources (PubMed, bioRxiv, medRxiv, ClinicalTrials.gov, and FDA drug labels), including unreviewed/user-generated preprints, which the agent is expected to read and interpret.