scientify-idea-generation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and ingesting public third-party content—e.g., Step 3 Option B's arXiv search and curl "https://arxiv.org/src/{arxiv_id}" plus git clone {repo_url}, and the /literature-survey flow—and then requires the agent to read and act on those papers/repos to generate and select research ideas, so untrusted web content can materially influence behavior.