deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md Phase 3 "Deep Dive") and supporting scripts (e.g., search_arxiv.py, search_semantic_scholar.py, download_papers.py, references/api-reference.md ar5iv/WebFetch) explicitly fetch and read public third‑party content (arXiv, Semantic Scholar, ar5iv, GitHub, OpenReview) and requires the agent to interpret those documents to drive selection, synthesis, and tool actions, exposing it to untrusted user-generated web content that could contain indirect prompt injections.