fulltext-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL bundle explicitly instructs the agent to fetch and parse open/public third‑party content (e.g., arXiv e-print endpoint "https://arxiv.org/e-print/{arxiv_id}", PMC BioC/FTP/OAI endpoints, CORE API, DOAJ, HAL, OSF, Unpaywall, etc.) and to read/interpret those user‑submitted full texts for extraction, summarization, and downstream actions (see the arxiv-latex-source and bioc-pmc-api SKILL.md examples), so untrusted third‑party content can materially influence tool use and decisions and therefore could enable indirect prompt injection.