citation-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to verify DOIs/arXiv/OpenReview/proceedings pages and to open cited papers' abstracts/PDFs as part of Steps 4–5 (and the script notes it “leaves DOI/metadata/claim verification to the host agent”), which requires fetching and reading public third‑party webpages/PDFs (arXiv/OpenReview/publisher/CrossRef) whose untrusted/user‑provided content can materially influence auditing decisions and next actions.