academic-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs the agent to search and ingest content from open/public third-party websites (e.g., site:scholar.google.com, pubmed.ncbi.nlm.nih.gov, semanticscholar.org, arxiv.org, site:edu/site:gov, and the Phase 3 "general" web) and even provides a classify-url script (python scripts/research_agent.py classify-url "https://..."), so the agent will read and interpret untrusted external content as part of its workflow.