peer-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The DevilsAdvocate agent explicitly calls out to public search adapters (src/adapters/arxiv.ts, src/adapters/serper_search.ts, and src/adapters/skill_search.ts) to fetch open web/arXiv/search-result content and then incorporates those third-party snippets into the LLM prompt for analysis, exposing the agent to untrusted, user-generated public content.