literature-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflows (e.g., Mode 2 "Comprehensive search: Use WebSearch with multiple query variations" and Mode 1 "Execute assigned search strategy" / specific search queries) explicitly fetch and ingest open/public third‑party papers and webpages which the agent must read and use to prioritize, synthesize, and decide next actions, exposing it to untrusted external content that could enable indirect prompt injection.