academic-paper-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third‑party content (e.g., "paper URL (arXiv, DOI, conference proceedings, journal link)" and "Use web_fetch on key related papers or surveys") and requires the agent to read and act on that content to form review decisions, so untrusted external pages could indirectly influence tool behavior.