research-news

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs web searches against public sources (see Step 2 and the Scripts list: search_arxiv.py, plus search_huggingface.py, search_x.py, search_xiaohongshu.py) and then reads/uses the fetched arxiv_filtered.json results to score and drive recommendations, so untrusted third‑party (arXiv/social media/Semantic Scholar) content is ingested and can materially influence agent decisions.