research-wiki

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public third-party content (e.g., the ingest_paper helper "fetch metadata — queries the arXiv Atom API" and appends an "## Abstract (original)" blockquote), and those fetched abstracts/metadata are incorporated into query_pack.md and consumed by downstream hooks (e.g., /idea-creator and paper-reading hooks) that materially influence ideation, wiki updates, and tool actions, so untrusted web content can affect the agent's behavior.