research-paper-writing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform web searches and fetch public third‑party content (e.g., Phase 1: "use web_search" and web_extract("https://arxiv.org/abs/..."), and the MANDATORY "Citation Verification" via Semantic Scholar/DOI lookups), so the agent will programmatically ingest open/public web content (arXiv, Semantic Scholar, arbitrary search results) and use those results to drive experiments, citations, and drafting decisions, creating a clear avenue for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs runtime fetching of external documents that are injected into the model context (e.g., web_extract("https://arxiv.org/abs/2303.17651"), programmatic BibTeX fetch via "https://doi.org/{doi}", and Semantic Scholar API calls), and it mandates programmatic citation verification, so these external URLs are used at runtime and directly control the agent's prompt/context.