literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). High: the required runtime workflow uses parallel-cli search and parallel-cli extract to fetch and ingest full text/abstracts from public web sources (outsider-authored content) into the agent’s context for screening/extraction and synthesis.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's schematic generator calls the OpenRouter API at runtime (base URL https://openrouter.ai/api/v1) to generate and review images, so external responses from https://openrouter.ai directly influence prompts, outputs, and control iterative generation logic.

MEDIUM W021: Hidden or invisible Unicode characters detected (potential obfuscation or prompt injection).

• Hidden Unicode characters detected (1 type(s) found)