research-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's researcher stage (SKILL.md "Researcher executes: Literature search via PubMed, bioRxiv, OpenAlex" and "Paper reading and note-taking") explicitly fetches and ingests public third-party articles which the agent reads and uses to drive downstream decisions in the pipeline, exposing it to untrusted external content that could carry indirect prompt injection.