research-lit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly performs external searches and ingests public web content (Step 1: "Search (external)" via WebSearch/arXiv/Semantic Scholar/Exa/OpenAlex/Gemini and optional Exa/DeepXiv results) and then reads and analyzes those results in Step 2, so untrusted, user-generated or third‑party web content is consumed and can materially influence its analyses and subsequent actions.