academic-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly instructs fetching and ingesting public third‑party content (e.g., "Step 1: Search and Save" using the paper-search command that writes /workspace/projects/papers.json and the "Replication Study" step that downloads paper PDFs), so the agent will read and act on untrusted public web content which can influence subsequent analysis and actions.