literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly runs public search scripts and arXiv/OpenAlex/Semantic Scholar queries and retrieves full paper texts (see SKILL.md Step 2 and references/review-workflow.md with SUMMARY/FULL_TEXT and arx_eng.retrieve_full_paper_text), so the agent ingests untrusted public third-party content to ground answers and drive subsequent actions.