tooluniverse-rare-disease-diagnosis

Warn

Audited by Snyk on Mar 29, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow and code (SKILL.md and DIAGNOSTIC_WORKFLOW.md) explicitly call public third‑party APIs and indexes (e.g., Orphanet, OMIM, ClinVar, gnomAD, PubMed/BioRxiv/OpenAlex, DisGeNET, CELLxGENE, ChIPAtlas) and require the agent to ingest and interpret those external results to rank diagnoses, prioritize genes, and decide testing/actions, so untrusted web content can directly influence tool use and decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 11:33 PM
Issues: 1