review-literature

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public third-party content as part of its required workflow (Step 2: delegate searches to /search-paper targeting arXiv, IACR ePrint, etc.; Step 3: WebSearch fallback for conference proceedings, blog posts, and author homepages; Step 8: download PDFs and invoke /analyze-paper), so untrusted public content is read and used to drive decisions and subsequent actions.