book-research-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 2 validation explicitly requires the agent to "load Claude's deep research output" and "load Gemini's deep research output" (SKILL.md — Phase 2 Step 2 and Inputs), i.e., ingest and act on externally-sourced, user-provided research (and the deep-research guidance describes web search), so untrusted third-party content can be read and materially influence follow-up prompts, verdicts, and tracker updates.