hook-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Research Gate" section explicitly mandates fetching public web content via Exa (mcp__Exa__web_search_exa / mcp__Exa__get_code_context_exa) and direct WebFetch calls to arXiv (e.g., https://arxiv.org/search/...), so the agent is required to ingest untrusted third‑party public content as part of its workflow which could materially influence decisions.