zh-ebn-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The pipeline explicitly performs public web/database retrievals (e.g., PubMed, Cochrane, CINAHL, Scopus/Embase, Airiti via the cli_tools "pubmed-search"/database clients and CrossRef DOI validation) and then ingests abstracts/metadata into CASP appraisers, the Synthesiser, and section writers (see SKILL.md workflow, cli.py commands and src/.../cli_tools.py and clients/*), so untrusted third‑party content is fetched and directly influences agent decisions and generated actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The pipeline performs runtime DOI metadata lookups via the CrossRef API (https://api.crossref.org/works/{DOI}), and the returned metadata/abstracts are ingested into the pipeline (DOI validation, APA formatting and fed to LLM subagents like the CASP appraiser), so external content from that URL is fetched at runtime and directly influences model prompts/outputs.