academic-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflows and references explicitly instruct using Exa web search (mcp__exa__web_search_exa with includeDomains like arxiv.org, openreview.net, etc.) and the arxiv-mcp-server tools (search_papers, download_paper, read_paper) to fetch and read public papers and web content, so the agent ingests untrusted, user-published third-party content that can materially influence analysis and follow-on actions.