pubmed-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI (scripts/pubmed_api.py) directly fetches content from public NCBI endpoints (EUTILS_BASE and PMC_BIOC_BASE) — e.g., search_pubmed, fetch_article_abstracts, and get_full_text_pmc — and the documentation/recipes require the agent to read and act on those PubMed/PMC results, so third-party web content can materially influence subsequent tool use and decisions.