clinvar-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly instructs the agent to fetch and ingest public, user-submitted ClinVar content via NCBI E-utilities (https://eutils.ncbi.nlm.nih.gov/...) and the ClinVar FTP (ftp://ftp.ncbi.nlm.nih.gov/pub/clinvar/) — including efetch/VCF/XML downloads and parsing described in SKILL.md and references/api_reference.md — which the agent is expected to read and act on (annotate/filter) and therefore could allow untrusted third-party content to influence tool use or decisions.