search-lit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses content from public third-party sources (PubMed via MCP and NCBI E-utilities, Semantic Scholar, bioRxiv/medRxiv, CrossRef/publisher landing pages, Unpaywall, OpenAlex, and Embase via browser automation), and that external content is read and used to verify citations and drive subsequent actions (PDF retrieval, BibTeX verified flags, Zotero imports), so untrusted third-party data can materially influence tool behavior.