citation-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Step 2 ("verify via web search") and Step 3 ("evaluate what the source actually says") explicitly require fetching and reading public web content (papers, preprints, journal pages, and other open URLs or user-supplied bibliography items), which exposes the agent to arbitrary third-party content that could carry indirect prompt injection.