NYC

research-lookup

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill calls OpenRouter / Perplexity Sonar models to perform online academic/web searches and returns the model-generated content and source links (see research_lookup.py, the README's use of "academic/scholarly search mode", and lookup.py's formatting of "response" and "citations"). It therefore ingests and displays third‑party public content that could carry indirect prompt injections.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:59 PM