research-guardian

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the Literature Guard and other gates to fetch and verify citations via public web search and external sources (e.g., SKILL.md "With existing tools integration" / references/literature-verification.md — Google Scholar, PubMed/DOI resolver, arXiv, Semantic Scholar, Retraction Watch, Papers With Code), so the agent will ingest and act on untrusted third‑party content that can change gate decisions and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Literature Guard and verification workflows explicitly require runtime web fetching (e.g., resolving DOIs via https://doi.org/) and using fetched abstracts/pages as evidence injected into subagent evaluation prompts, making this a required external dependency that directly influences agent prompts.