systematic-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's "Identification" and principles explicitly require performing exhaustive searches including grey literature, preprints, and public reports/websites, so the agent is expected to fetch and read untrusted third‑party content (public websites, preprints, reports) as part of its workflow.