gget

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt contains examples and parameters that pass API keys and passwords directly (e.g., --api_key your_key_here, --password xxx, api_key="your_key_here"), which instructs embedding secret values verbatim into commands/code and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and included scripts (e.g., scripts/batch_sequence_analysis.py and scripts/gene_analysis.py) explicitly fetch and ingest data from public third-party resources such as Ensembl, NCBI/BLAST, ARCHS4, CZ CELLxGENE, OpenTargets, cBioPortal, COSMIC, RCSB PDB, UniProt, and others, and then parse those results to drive follow-up actions (e.g., selecting PDB IDs from BLAST hits and downloading structures), which clearly exposes the agent to untrusted public web content that can influence subsequent tool use.