verify-claims

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md requires or auto-detects --source (e.g., arXiv URLs) and instructs handing "source material pointers" to a forked claim-verifier that reads the sources (with fail modes for paywalls/404s), which clearly causes the agent to fetch and interpret public third‑party content (web pages/PDFs) that could contain untrusted instructions.