discovery-skills
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to fetch and ingest public third-party content (e.g., OpenAlex API calls in semantic-scholar-recs-guide, arXiv RSS fetching in rss-paper-feeds, and GitHub/arXiv/ConnectedPapers links in multiple SKILL.md files) and to use that untrusted/user-generated content to drive recommendations, alerts, and LLM-driven synthesis, which could allow indirect prompt injection.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata