openevidence
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). This skill directly fetches and ingests content from the public OpenEvidence site: scripts/oe.py uses GET/POST to /api/article and /api/article/list and downloads article text/figures, and SKILL.md documents the ask/article flows. Untrusted third-party article content and linked resources are therefore read and returned for the agent to use, and could inject instructions that influence subsequent decisions.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata