biomni

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and Data Integration sections state the agent automatically downloads and uses ~11GB of public biomedical sources (e.g., PubMed abstracts, Ensembl, NCBI Gene, UniProt, ClinVar, OMIM, KEGG, PDB/AlphaFold) and can use MCP servers for web search/custom APIs, so the agent reads and acts on untrusted public third‑party content as part of its autonomous decision-making.