literature-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow (Step 2 "Direct Search" and 2d "Open Source Discovery") explicitly instructs the agent to search and read open/public third‑party sources—Google Scholar, Semantic Scholar, arXiv, DBLP, GitHub, Papers With Code and conference proceedings—and to use that content to select papers, validate claims, and drive gap-identification and recommendations, so untrusted external content is ingested and can materially influence actions.