search-conference

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md pipeline explicitly tells the agent to crawl and search OpenReview venue metadata using the embed-papers CLI (steps 2–4), which pulls public, user-generated paper titles/abstracts from OpenReview that the agent must read and use to decide recommendations, so untrusted third-party content can influence behavior.