grant-proposal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 workflow explicitly invokes /research-lit and web searches (arXiv, Google Scholar, Zotero, KAKEN database, NSF Award Search, NSFC project searches and general web search) to fetch and ingest public, user-generated/untrusted third-party content that the agent must read and use to form the gap statement, aims, and downstream proposal decisions, so external pages can materially influence tool use and behavior.