content-access

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching and parsing open/public web content (e.g., Unpaywall, CORE, Semantic Scholar API calls and functions like get_archived_article using archive.today, get_wayback_article using the Wayback API, and check_geo_access which does requests.get(url)), so the agent is expected to ingest untrusted third-party pages and search results that can influence subsequent actions.