paper-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Core Workflow steps 2–5 and the "Return results" section) and the reference files (e.g., references/pmc.md, references/arxiv.md, references/pubmed.md, references/openalex.md, references/unpaywall.md) explicitly instruct the agent to fetch and parse raw content (JSON/XML/full-text PDFs) from open public third‑party sites (PubMed/PMC, arXiv, bioRxiv/medRxiv, OpenAlex, Crossref, Semantic Scholar, CORE, Unpaywall), which the agent is expected to read and use to make subsequent tool calls and decisions—meeting the criteria for exposure to untrusted third‑party content that could enable indirect prompt injection.