string-database
Warn
Audited by Snyk on May 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's CLI (scripts/string_cli.py) makes HTTP calls to the public STRING API (URL_TEMPLATE 'https://version-{api_version}-0.string-db.org/...'). The valuesranks flow and its docs (references/valuesranks.md and the valuesranks-status loop) explicitly require reading JSON responses, including fields like "api_key", "job_id", and a returned "download_url". The agent must parse these responses, and their contents can drive follow-up requests and actions, which exposes the agent to untrusted third-party content.
Issues (1)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).