semantic-scholar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls the Semantic Scholar API (e.g., "asta papers snippet-search", "asta papers search", and related commands) to fetch public paper full text and snippet excerpts from third‑party sources which the agent is expected to read and use to drive follow-up actions, so untrusted content could materially influence behavior.