researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly calls external public sources in "Database access" (perplexity-search for web search, pubmed-database, biorxiv-database, openalex-database) and describes acquiring and reading PDFs from PMC/other sites, so the agent will fetch and interpret untrusted public third‑party content (open web and user-submitted preprints) as part of its workflow.