autoresearch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md's mandatory Bootstrap step instructs the agent to fetch and read public third‑party sources (e.g., Exa MCP/web_search_exa, Semantic Scholar, arXiv, CrossRef) and to save and use those paper summaries in literature/ to form hypotheses and steer experiments, so untrusted external content is ingested and can materially influence agent decisions.