sci-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 0 "Search the literature" instructions in SKILL.md explicitly require performing web searches (e.g., "Search: '{problem name} algorithm survey'") and using external/public web content to inform the review, which exposes the agent to untrusted third-party webpages and their instructions.