literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly searches and ingests content from open/public third‑party sources (PubMed, bioRxiv/medRxiv, arXiv, Semantic Scholar and even recommends scraping Google Scholar) and its scripts (e.g., search_databases.py and the workflow for screening/abstract/full‑text review) expect the agent to read and synthesize those untrusted/user‑generated abstracts and web content as part of the review, exposing it to indirect prompt injection risk.