research-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill autonomously queries web-grounded providers (Perplexity Sonar via OpenRouter in research_lookup.py / lookup.py / scripts/research_lookup.py and Gemini Deep Research in gemini_research.py), ingests public web and academic sources (URLs, snippets, citations) and uses them in its core workflow and outputs, so untrusted third-party content can materially influence model behavior and downstream decisions.