ena-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and references/api_reference.md explicitly instruct the agent to fetch and parse public ENA records and files (e.g., https://www.ebi.ac.uk/ena/portal/api, https://www.ebi.ac.uk/ena/browser/api/xml/{accession}, and ftp://ftp.sra.ebi.ac.uk) — public, user-submitted repository content that the agent reads and uses (e.g., extracting file URLs and metadata to drive downloads and pipeline actions), so untrusted third‑party data can influence tool use and next steps.