writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to launch workflows:librarian subagents to fetch NLM notebooks, Readwise highlights, and full-text articles (see "Prerequisites" and "Librarian Search Pattern"), and then synthesizes those external quotes/sources to detect domain and drive next actions, so untrusted third‑party content is ingested and can materially influence behavior.