cellxgene-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md mandates using scripts/rest_request.py to call the public CELLxGENE Discover API at https://api.cellxgene.cziscience.com/curation/v1, and the script fetches and parses arbitrary public dataset JSON which the agent reads and summarizes as part of its workflow, so untrusted third‑party content could contain instructions that influence behavior.