literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill runs scholar-search and optional arxiv-search to populate candidates.json and explicitly instructs the agent to read titles/abstracts and to fetch full texts (via arxiv-analyze or open-access PDF URLs) as part of screening and reading (see SKILL.md Phases 2–5 and scripts/literature_review.py cmd_search/cmd_screen/cmd_fetch), so it ingests public, untrusted third‑party content (papers/PDFs/abstracts) that the agent must interpret and that can materially influence next actions.