literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow and code clearly fetch and ingest open/public third‑party content (abstracts/metadata) from Semantic Scholar, OpenAlex, Crossref and PubMed (see scripts/lit_search.py search_* and search_pm functions and the SKILL.md "Extract"/"Draft" steps), and then the agent directly reads and synthesizes that content into review text, so external content can materially influence its actions.