citation-coverage-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 4 "Search iteratively" and Progressive Loading's "Use current web search") plus references/discovery-protocol.md explicitly instruct the agent to browse and inspect arXiv, OpenReview, Google Scholar, project pages, and other public sites, meaning it fetches and interprets untrusted public third‑party content that can change citation recommendations and subsequent editing/actions.