research-paper-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md Step 0 and the README explicitly instruct the agent to fetch venue-specific reviewing guidelines from venue websites (public third-party sites), meaning the agent will read and use untrusted public web content that can materially influence its review actions.