research-ui-prototyping

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's repository and output contracts explicitly require ingesting and using raw/public third‑party sources and metadata (e.g., arXiv, Semantic Scholar, OpenAlex, Crossref, PubMed) as part of source ingestion and UI/data workflows (see references/repository-contract.md and references/output-contracts.md), so untrusted external content will be read and can influence agent actions.