academic-mcp-tooling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md and references/mcp-catalog.md) explicitly directs the agent to query and smoke-test public MCP servers and sources (arXiv, Semantic Scholar, OpenAlex, Crossref, PubMed, Google Scholar, publisher pages, etc.), ingest returned metadata/results into project ledgers, and use those results to choose/configure servers and update evidence—therefore it clearly consumes untrusted public third‑party content that can influence tool use and decisions.