research-intelligence

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly says it processes "academic papers, articles, podcasts, videos, meeting transcripts, or any content" (top-level description) and its extract_references step extracts "Articles & Online Sources" and URLs, which means the agent will ingest and analyze arbitrary user-provided or public web content (untrusted third-party sources) as part of its workflow, creating a pathway for indirect prompt injection.