deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's bibliography_agent and monitoring_agent explicitly fetch and ingest content from public third-party sources/APIs (Semantic Scholar, OpenAlex, Crossref, arXiv/bioRxiv/SSRN, PubMed, Google Scholar, Retraction Watch, RSS feeds) as part of its required Phase 2/monitoring workflows, and that ingested, user-generated/public content is read and used to drive synthesis, meta-analysis, verification, and reporting decisions—creating a clear vector for indirect prompt-injection via third-party material.