literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's core workflow (Phase 2: "Systematic Literature Search") and accompanying scripts (e.g., scripts/search_databases.py and instructions to use gget, direct arXiv/Semantic Scholar APIs and Google Scholar scraping) explicitly fetch and ingest content from public/untrusted sources (PubMed, bioRxiv/medRxiv, arXiv, Semantic Scholar, Google Scholar, etc.) and requires the agent to read/interpret abstracts and full texts to decide inclusion, synthesize findings, and drive downstream actions, so third‑party content could materially influence tool use or decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's mandatory scientific-schematics workflow calls the OpenRouter API at runtime (base URL https://openrouter.ai/api/v1) to generate images and receive textual critiques that are then used to automatically modify generation prompts (i.e., external content directly controls agent prompts), and this API is a required dependency for the schematic-generation step.