encode-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md shows code that queries and downloads data from public ENCODE endpoints (https://www.encodeproject.org and https://api.encodeproject.org/screen), ingesting JSON and BED/bigWig file contents submitted by external researchers and using those results to select files and drive downstream actions (search, selection, download, parsing), so untrusted third‑party content can materially influence the agent's behavior.