icml-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Step 2: Prior Work Grounding" explicitly directs the agent to "Use WebSearch" and "Fetch abstracts of 5-10 most relevant papers" (e.g., arXiv and published work), meaning the agent will ingest open/public third-party content as part of its workflow and thus can be exposed to indirect prompt injection.