li

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs WebSearch/institutional-URL checks for DOI/PMID verification as part of INGEST-FROM-RESEARCHER ("Attempt DOI lookup via WebSearch ([author] [year] [title] DOI) or institutional URL verification"), meaning it fetches and interprets open web content whose (untrusted) results directly affect auto-merge vs staging decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The CURATE flow runs an npx command that fetches and executes remote package code at runtime (npx -y skills add gasserane/personal-skills --all -y), which is a required CURATE step and therefore a runtime external dependency that executes remote code.