research-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill calls OpenRouter / Perplexity Sonar models to perform live web/academic searches (see SKILL.md "Look up current research" and the code in research_lookup.py/_make_request posting to https://openrouter.ai and extracting search_results), ingests and displays third‑party web content (including news, blogs, and paper snippets via WebSearch and extracted citations), and uses that content to generate and drive research outputs—so untrusted public content is read and can influence agent behavior.