aminer-free-academic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md and references/api-catalog.md explicitly instruct the agent to call AMiner's public APIs (e.g., https://datacenter.aminer.cn/gateway/open_platform and endpoints like /api/paper/search, /api/person/search) to fetch public paper/scholar/venue/patent data that the agent ingests and uses to guide routing and next actions, so it consumes untrusted third-party content that could carry indirect prompt injections.