paper-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public literature search results (e.g., Tavily + Semantic Scholar + arXiv) and uses them in Phase 0/Phase 3 review steps and the Literature Reviewer agent (see references/CHANGELOG.md, references/LITERATURE_GROUNDING_GUIDE.md, agents/literature_reviewer_agent.md and the deep-review workflow in SKILL.md), so it fetches and interprets open third‑party content that can materially change review decisions.