literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third-party content (e.g., via gget searches of PubMed and bioRxiv, direct arXiv and Semantic Scholar APIs, and Google Scholar scraping) and the workflow and scripts (search_databases.py and verify_citations.py) expect the agent to read and process those external abstracts/metadata (including preprints), exposing it to untrusted user-generated/public content that could carry indirect prompt-injection vectors.