pm-fulltext

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill navigates to public PubMed pages (https://pubmed.ncbi.nlm.nih.gov/{PMID}/), calls public eutils APIs (esummary/elink), and scrapes publisher links from the page DOM and then may open those third‑party publisher/Sci‑Hub pages — all untrusted public content that the agent reads and uses to decide which links to open, allowing indirect prompt injection.