literature-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly allows fetching papers via third-party search sources ("输入方式" item 3: "配合 paper-search / arxiv-search 获取"), meaning the agent will ingest and analyze open/public third-party documents (e.g., arXiv) which can materially influence its analyses and recommendations.