research-to-practice

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 1 explicitly instructs the agent to "Fetch paper content via URL or search for it" (with fallbacks like arXiv, author pages, and blog posts), so the agent will ingest arbitrary public third‑party documents and use their content to drive analysis and implementation decisions, which enables indirect prompt injection.