ai-for-science-diffsbdd

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs cloning and executing code from a public GitHub repo (https://github.com/arneschneuing/DiffSBDD.git) and downloading a checkpoint from Zenodo (https://zenodo.org/record/8183747/files/crossdocked_fullatom_cond.ckpt) as required steps, meaning untrusted third‑party code/artifacts are fetched and executed/loaded and can materially influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). I flag the git URLs https://github.com/rusty1s/pytorch_scatter.git and https://github.com/arneschneuing/DiffSBDD.git because the skill explicitly clones them at runtime and then runs setup/install or project scripts (python setup.py bdist_wheel / pip install and later running the cloned project), which executes remote code that the skill requires.