medical-imaging-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read open third‑party content (arXiv, PubMed, Crossref and arbitrary WebFetch URLs via the "Literature Sources", references/CITATION_INTEGRITY.md and references/MCP_SETUP.md sections, e.g., mcp__arxiv-mcp-server__read_paper, WebFetch on pubmed/crossref/arxiv), and requires the agent to interpret those pages/papers as part of its verification and writing workflow — satisfying the conditions for exposure to untrusted, user‑generated web content that can materially influence decisions.