aminer-open-academic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflows and client explicitly fetch and ingest public AMiner data (e.g., paper and person endpoints such as /api/paper/detail, /api/person/search and other APIs in SKILL.md and scripts/aminer_client.py), and those untrusted, user-contributed records are parsed and used to drive follow-up API calls and outputs, so third-party content can influence the agent's decision flow.