research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow (Step 2 Discovery and the Tools Quick Reference) explicitly instructs the agent to use OpenAlex, Paper-search/arXiv, Tavily (web search), webfetch, and PDF read_pdf to ingest papers, blogs, docs and arbitrary URLs from the open web and then read/weight those sources to create evidence cards and drive recommendations, which exposes the agent to untrusted third-party content that could contain indirect prompt injection.