tooluniverse-expression-data-retrieval

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly retrieves and processes open/public, user-submitted datasets from ArrayExpress and BioStudies (e.g., SKILL.md Phase 2 tool calls like arrayexpress_search_experiments and biostudies_search/biostudies_get_study), so the agent will read and act on untrusted third-party content as part of its workflow.