literature

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly spawns search and download sub-agents that fetch and ingest content from open/public sources (e.g., Phase 2 Google Scholar / web searches, Semantic Scholar/arXiv web queries, Phase 4 manual verification via Crossref/publisher pages and web search, and Phase 5 PDF downloads from author sites/SSRN/arXiv), so untrusted third-party page content is read and used to verify DOIs, decide inclusion/exclusion, and drive subsequent actions.