find-literature

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md instructs the agent to run "asta literature find" and use the Semantic Scholar CLI ("asta papers search", "asta papers get") to fetch paper abstracts, snippets, and citation contexts from public sources like Semantic Scholar/arXiv, which the agent is expected to read and use to rank/summarize papers and drive follow-up actions—exposing it to untrusted, user-generated/public web content that could carry indirect prompt injection.