skills/crazymsn/academic-skills/database-lookup/Snyk

database-lookup

Warn

Audited by Snyk on May 28, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.85). At runtime the skill queries multiple public REST APIs (e.g., BindingDB, PubChem, ENA, etc.) and then injects the returned raw JSON (which can include free-text fields like titles/descriptions/synonyms) into the agent’s LLM context; these are outsider-authored dataset content fetched over the network.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 28, 2026, 03:42 PM

Issues

1

Security Audit — snyk — database-lookup