Subagent-Driven Literature Review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow and prompt templates explicitly instruct subagents to fetch abstracts and full text from public sources (PubMed/PMC, Unpaywall) and to traverse citations via PubMed/OpenCitations, then read and use those third‑party contents to score papers and drive follow‑up actions (e.g., dispatching deep‑dive subagents), which exposes the agent to untrusted external content that could carry indirect prompt injections.