prior-art-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). SKILL.md and the code show the skill fetches public patent text from Google BigQuery Patents Public Data and optionally the USPTO API (see "Required Data Access" and search_prior_art/get_patent_details), and Steps 3 and 5 explicitly require the agent to read abstracts and claims from those third‑party documents to drive search refinement and patentability/claim-drafting decisions, so untrusted third‑party content can influence actions.