deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflow and included scripts (e.g., references/api-reference.md, search_arxiv.py, search_semantic_scholar.py, download_papers.py, ar5iv WebFetch guidance, and OpenReview examples) explicitly fetch and read public third‑party sources (arXiv, Semantic Scholar, ar5iv, OpenReview, GitHub) and instruct the agent to parse and act on that content to select papers, download/read PDFs, extract sections, and drive subsequent filtering and report-generation, so untrusted web content can materially influence tool use and decisions.