literature

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs sub-agents to perform web searches and fetch content from public sources—e.g., Google Scholar, Semantic Scholar, arXiv, publisher pages, Crossref API and general WebSearch in Phase 2 and the Phase 4 verification templates (SKILL.md and references/agent-templates.md)—and requires the agent to read and act on that untrusted third‑party content to verify DOIs and decide whether to include papers, so external content can materially influence tool use and next actions.