audit-oe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md Phase 3 "Fetch Content (AGGRESSIVE)") explicitly directs per-citation agents to query PubMed/bioRxiv/ClinicalTrials MCP servers and to WebFetch DOI pages (e.g., WebFetch("https://doi.org/{DOI}", prompt="Extract the structured abstract…")), and those fetched public third‑party pages are parsed and used to score claims and drive further tracebacks/agent actions, exposing the agent to untrusted external web content that can materially influence behavior.