mol-2d-viewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's name_to_smiles function (scripts/mol_2d_viewer.py) calls the public OPSIN API at https://opsin.ch.cam.ac.uk/opsin/... and parses JSON/CML from that third‑party service to obtain SMILES which are then used to drive rendering and downstream actions, so untrusted remote content can materially influence the agent's behavior.