academic-research-suite
Warn
Audited by Snyk on May 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL explicitly instructs the agent to perform web browsing and external bibliographic lookups (see the "Codex Runtime Mapping" WebSearch rule). It also documents runtime components that fetch and ingest open/public sources, e.g., the Semantic Scholar/OpenAlex/Crossref clients in scripts/openalex_client.py and scripts/crossref_client.py, and the academic-pipeline/agents/claim_ref_alignment_audit_agent. The agent reads these sources and uses them to judge citations and drive gate decisions, so untrusted third-party content can be ingested and materially influence actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).