comm-lit-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow and source policy explicitly direct the agent to search and ingest public third-party sites—ieeexplore.ieee.org, sciencedirect.com, dl.acm.org and "broader web" including publisher pages and author-hosted PDFs (see SKILL.md Workflow step 3 and references/source-policy.md)—and requires the agent to read and synthesize that content to decide which papers to include and how to act, so third-party content can materially influence behavior.