literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests open/public third‑party content (e.g., gget search pubmed, gget search biorxiv, arXiv direct API, Semantic Scholar, and Google Scholar scraping) and instructs the agent to read/interpret abstracts and full texts from those external databases (including preprints), which are third‑party/untrusted sources that could carry indirect prompt injection.