semantic-scholar-deep

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill and its paired subagent explicitly instruct calling Exa MCP (mcp__exa__web_search_advanced_exa) and the Semantic Scholar API via ss_client.py / citation_graph.py to fetch public papers, snippets and citation data from arXiv/OpenReview/PubMed/S2 (open, third‑party content), and those fetched texts are parsed and used to drive discovery, shortlist selection, recommendations, graph traversal and ranking decisions as part of the required Default Workflow and Tool Stack (agents/deep-paper-researcher.md and SKILL.md), so untrusted external content can materially influence agent actions.