nextflow-workflow-engine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL explicitly instructs fetching and executing community pipelines and container images from public sources (e.g., "nextflow pull nf-core/rnaseq" in Quick Start/Common Workflows and docker/quay.io container pulls), meaning the agent would download and run untrusted third‑party pipeline code that can change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains a runtime curl | bash installer (curl -s https://get.nextflow.io | bash) that fetches and executes remote code, and also instructs runtime fetching of runnable pipeline code via nextflow pull (e.g., nf-core/rnaseq) which downloads and executes external pipeline code—both are fetch-and-execute runtime dependencies.