biopython

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The skill includes explicit examples that assign API credentials directly in code (e.g., Entrez.api_key = "your_api_key_here") which encourages the agent to request and embed secret values verbatim in generated outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses public, user-submitted data from external sources (e.g., Bio.Entrez calls like Entrez.esearch/efetch in references/databases.md and BLAST via NCBIWWW.qblast in references/blast.md and SKILL.md), and then uses those results (accessions/hits/records) to drive follow-up fetches and analysis, so untrusted third‑party content can materially influence agent actions.