literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests open/public third‑party content (e.g., via gget searches of PubMed and bioRxiv, arXiv/Semantic Scholar APIs, and even Google Scholar scraping) and requires the agent to read and interpret abstracts/full texts and preprints as part of its workflow, exposing it to untrusted user-generated/unvetted content.