cellxgene-census

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md shows it programmatically opens the public CELLxGENE Census (via cellxgene_census.open_soma and the TileDB‑SOMA backend) and fetches/reads untrusted third‑party dataset metadata and expression matrices with get_obs/get_anndata/axis_query, which the agent then interprets to choose query strategies and downstream actions (streaming, filtering, model training).