deep-research-academic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and reference/methodology.md explicitly require Phase 3 RETRIEVE to run parallel WebSearch/mcp__Exa__exa_search/WebFetch calls (examples include arxiv.org, news, industry sites) and to spawn Task agents to read and triangulate public web content, which the agent is expected to interpret and use to change outlines, spawn continuations, and drive report generation—therefore it ingests untrusted third‑party web content that can materially influence subsequent actions.