academic-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform web searches and ingest public/untrusted content (e.g., mcp__exa__web_search_exa with includeDomains like arxiv.org, openreview.net, and the arxiv-mcp-server tools such as search_papers/download_paper/read_paper) and to read/analyze that extracted third‑party text as part of its workflows, which could allow indirect prompt injection.