wenxian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md mandates fetching and ingesting content from public third-party sources—PubMed (for abstracts/search results), a public GitHub repository (via scripts/sync_share_repo_jcr.sh), and the EasyScholar open API—whose returned text/metadata are read and used to drive selection, ranking, and downstream agent actions, so untrusted external content can materially influence behavior.