PubMed-Search
Fail
Audited by Snyk on Mar 11, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The astral.sh URL points to a direct .sh installer (a curl | sh pattern from a domain that is not widely known, which is high risk), while the ncbi.nlm.nih.gov URL is an official NCBI account page (low risk); because the set includes a directly executable script from a less-known domain, it should be treated as potentially unsafe unless you inspect the script and verify the source.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill fetches and parses live content from public PubMed/PMC endpoints (via the PubMed E-utilities API and by requesting PMC article pages in pubmed_search.py, as described in SKILL.md), then directly incorporates abstracts/metadata into generated analysis prompts and download logic, exposing the agent to arbitrary third-party webpage/article content that can influence subsequent analysis actions.
Audit Metadata