research-lookup

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly calls OpenRouter/Perplexity (scripts/research_lookup.py and SKILL.md) to perform live "academic" searches and ingests "search_results"/source URLs from the open web (arXiv, PubMed, journal sites and other public URLs). It then parses those external results and citations and uses them in its responses, so untrusted third-party content is fetched and directly influences the agent's outputs and decisions.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 03:38 AM