Research Ideation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs WebSearch across public academic sites (arXiv, Google Scholar) and uses Zotero MCP functions (add_items_by_doi, find_and_attach_pdfs, get_item_fulltext) to import and read open web PDFs, so the agent fetches and interprets untrusted third‑party content as part of its workflow.