clinvar-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill calls the public NCBI ClinVar E-utilities (BASE_URL https://eutils.ncbi.nlm.nih.gov/entrez/eutils/ in scripts/clinvar_api.py) and its evidence/efetch workflow explicitly ingests submitter-provided free-text fields (e.g., submissions[].curator_notes, assertion_criteria, citation_references) which the SKILL.md and code require the agent to read and use, so untrusted third‑party content can materially influence behavior.