tooluniverse-literature-deep-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests open/public third‑party content (e.g., PubMed/EuropePMC full‑text snippets, ArXiv/semanticScholar PDFs, OpenAlex/Crossref results and even arbitrary webpages via get_webpage_text_from_url) as required parts of its Phase 2 / FULLTEXT_STRATEGY workflows and uses those texts to grade evidence and drive report synthesis, so untrusted public content can materially alter tool-driven decisions.