literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the SKILL.md Core Workflow (Phase 2: "Systematic Literature Search" and the Database-Specific Search Guidance) explicitly instructs the agent to fetch and ingest open/public third‑party content (PubMed/bioRxiv/arXiv/Semantic Scholar and even Google Scholar scraping / WebFetch), then read abstracts and full texts and use those results to drive screening, synthesis, and tool-driven outputs, so untrusted external content can materially influence agent actions.