research-design-positioning

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md step 2: "Extract candidate gaps from ... source pages") and the repository contract (references/repository-contract.md) explicitly expect ingesting/reading external public sources (e.g., arXiv, Semantic Scholar, OpenAlex, Crossref, PubMed, DBLP), which the agent must interpret to form claims and decisions—exposing it to untrusted third-party content that could carry indirect prompt injection.