literature-review

Warn

Audited by Snyk on Apr 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests open/public literature (e.g., search_literature against PubMed, get_fulltext(pmcid)/download PDF, and ingest_documents(file_paths)), and it requires the agent and its subagents to read and act on those fulltexts as part of its workflow (see the SKILL.md steps for fulltext ingestion and the runSubagent prompt). Third-party webpage or PDF content can therefore directly influence the analysis and subsequent actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 01:03 PM
Issues: 1