literature-review

Warn

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly fetches public literature (e.g., search_literature, get_fulltext(pmcid), ingest_documents(file_paths)) and requires the agent to read fulltext content and pass it into subagents for analysis (steps 6–7), so untrusted third‑party webpage/PDF content from PubMed/PMC/public sites can directly influence tool use and downstream decisions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 12:05 PM