core-api-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly retrieves and processes full-text content from CORE's public API (e.g., the GET https://api.core.ac.uk/v3/search/works and GET https://api.core.ac.uk/v3/works/{core_id} endpoints), meaning the agent ingests open third‑party papers harvested from many external repositories and uses that content in its analysis/workflow, which could enable indirect prompt injection.