protocolsio-integration

Warn

Audited by Snyk on Apr 28, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill directly fetches and ingests public, user‑generated protocols from protocols.io via the REST API (e.g., the GET calls to https://www.protocols.io/api/v4/protocols and get_protocol/get_protocol_by_doi shown in SKILL.md) and explicitly parses step descriptions/materials for downstream automation and decision-making (extract_protocol_steps, Workflow 2), so untrusted third‑party content could contain instructions that materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill makes runtime requests to https://www.protocols.io/api/v4 to fetch full step-by-step protocol content which can directly control agent instructions or downstream automation (e.g., opentrons), and the API is a required dependency for the skill’s functionality.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 02:13 PM
Issues: 2