academic-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs Phase 1 literature search and source screening and the citation_compliance_agent verifies DOIs/URLs and cross-references public web resources (e.g., "Retraction Watch Database (http://retractionwatch.com)" and "WebSearch"/DOI verification) — showing the agent will fetch and interpret open/public third‑party web content that can materially change drafting, citation, and revision decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's citation_compliance_agent explicitly directs a runtime cross-check against the Retraction Watch Database (http://retractionwatch.com), which is a remote data dependency used at runtime to decide whether to flag or remove citations, so this URL is a runtime-controlled external data source that directly influences agent behavior.