literature-scout

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to fetch and ingest content from public third-party sources—Exa semantic search (including arxiv.org), the ArXiv API (export.arxiv.org), the Semantic Scholar API, and Papers With Code—to extract abstracts/metadata and make selection/classification decisions, so untrusted web-origin content can materially influence the agent's actions and enable indirect prompt injection.