research-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill calls OpenRouter/Perplexity Sonar (research_lookup.py _make_request -> https://openrouter.ai/api/v1) and extracts search_results/citations (see _extract_api_citations and _extract_citations_from_text) and also references a complementary WebSearch for news/blogs, so the agent ingests and synthesizes open/public third‑party web content (including non‑peer‑reviewed sources), exposing it to indirect prompt injection.