gget

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples and parameters that instruct passing secrets (e.g., OpenAI api_key and COSMIC --password) as command-line arguments or function arguments, which requires the agent to include secret values verbatim in generated commands/code, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests data from multiple open/public third‑party resources (e.g., Ensembl/NCBI/UniProt, RCSB PDB, ARCHS4, cellxgene, cBioPortal, BLAST/SwissProt databases and downloadable reference files) as shown throughout SKILL.md and the workflows, and that external content is read and used to drive analysis and downstream actions (sequence retrieval, alignment, plotting, structure prediction), so it meets the criteria for exposure to untrusted third‑party content that could indirectly inject instructions.