research-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill issues live queries to OpenRouter (research_lookup.py::_make_request calling https://openrouter.ai/api/v1) and directly ingests API-provided search_results, URLs and snippets (see _extract_api_citations and _extract_citations_from_text which match arxiv.org, pubmed/ncbi, nature.com, etc.), so it reads and interprets public third-party web content (papers, preprints, and other sites) as part of its workflow.