citation-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires the reviewer to perform real web lookups (see "WEB_SEARCH = required" and the mcp__codex__codex prompt in Step 3 instructing "Use web/DBLP/arXiv search" and references to DBLP/arXiv/OpenReview), so it ingests public third‑party content (arXiv/DBLP/OpenReview/web pages) which the reviewer must interpret to produce verdicts that drive fixes and replacements.