fact-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to run web searches and to "paper-search google web """ and "paper-search browse " and to read papers/web pages, which fetches and ingests open/public third-party content that can directly influence verdicts and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime fetches of external web content (e.g., the paper-search browse command which will retrieve arbitrary URLs such as "") and injects that content into the agent's context to drive verdicts, so external URLs fetched at runtime can directly control prompts and are a required dependency.