literature-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and ingests public third‑party content (arXiv via https://export.arxiv.org/api/query in _search_arxiv_paged/_search_arxiv_once and Semantic Scholar via the r.jina.ai proxy in _semantic_scholar_request_json/_search_semantic_scholar_paged), and it directly reads titles/abstracts to filter, select, and drive online expansion decisions, so untrusted web content can influence runtime behavior.