jaspar-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's bundled script scripts/jaspar_api.py directly fetches and prints/parses responses from the public JASPAR API (https://jaspar.elixir.no/api/v1/) via _CLIENT.fetch_json and _CLIENT.fetch_text (including raw non-JSON formats printed with _print_text), and those untrusted public responses are used to resolve IDs and compute PWMs, so third‑party content can materially influence agent behavior.