Traversing Citation Networks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests third-party paper content from the public Semantic Scholar API (e.g., "GET /graph/v1/paper/{paperId}/references" and "citations" calls shown in SKILL.md) and the agent is instructed to read/score contexts, titles, and abstracts and use those results to decide queueing, traversal, and extraction actions, so untrusted external content can materially influence subsequent tool use and decisions.