paper-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to use WebSearch/WebFetch on open web sources (Phase 0.1: "look up the journal's 'Instructions for Authors'", Phase 1.1: PubMed/Google Scholar/WebFetch) and to read/ingest those pages to determine journal requirements and literature—third‑party web content that the agent will interpret and act on—creating clear exposure to untrusted public content that could carry indirect prompt-injection instructions.