papers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch papers from public third-party sources (arXiv, Semantic Scholar, Unpaywall, CORE, PubMed Central, and author preprint pages) and to convert and parse those PDFs into markdown for extraction, meaning the agent ingests untrusted public web content that can materially influence its outputs and decisions.