orchestrate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The orchestrator explicitly routes to a /fulltext-retrieval skill that "Batch download[s] open-access PDFs by DOI using Unpaywall, PMC, OpenAlex APIs" (SKILL.md) and also invokes literature/verify flows that read PubMed/CrossRef, so it will ingest public third‑party content which is then read and used to drive downstream analysis and decisions (e.g., meta-analysis), exposing the agent to untrusted external content.