citation-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires web access and instructs the agent to fetch and read open/public sources (e.g., "Inputs: Web access" and Phase 2's "Fetch https://arxiv.org/abs/{eprint_id}" and Phase 3's "Read the cited paper")—public third‑party content that the agent must interpret and that can change verification and automatic-fix actions, so it exposes the agent to untrusted third‑party content.