paper-analyst
Warn
Audited by Snyk on Apr 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). Step 3 explicitly directs the agent to fetch ArXiv pages (via Exa search), visit paper URLs with WebFetch, and query Semantic Scholar—public third‑party sources whose untrusted content the agent will read and use to drive analyses and outputs, meeting the criteria for indirect prompt injection risk.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata