semantic-scholar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls the public Semantic Scholar API (e.g., fallback to https://api.semanticscholar.org/graph/v1/paper/search in Step 2) to fetch paper metadata, TLDRs and abstracts which the agent uses to rank/prioritize results (Key Rules: "Citation count is gold") and to ingest into the research wiki (Step 7), so untrusted third‑party content can directly influence tool use and next actions.