paper-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests data from public third‑party sources (e.g., PubMed/PMC, arXiv, bioRxiv/medRxiv, OpenAlex, Semantic Scholar, CORE, Unpaywall) as described in SKILL.md and the reference files (e.g., PMC JATS XML, arXiv Atom XML, Unpaywall DOI lookups), expects the agent to read/parse that untrusted public content and use it to decide follow‑up actions (e.g., find OA PDFs, parse full text, choose databases), so externally authored content can materially influence tool use and next steps.