sota-literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Search Strategy and references/repository-contract.md / references/mcp-catalog.md) explicitly instructs ingesting and reading public third‑party sources such as arXiv, Semantic Scholar, OpenAlex, Crossref, PubMed and publisher pages (and lists Google Scholar as a fallback), so untrusted external content is consumed and can materially influence the agent's actions.