research-pipeline-runner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly states "Network: depends on selected pipeline (arXiv/PDF/citation verification may need network)" and directs running arXiv-based pipelines (e.g., pipelines/arxiv-survey.pipeline.md) where the runner ingests and interprets external papers/PDFs as part of producing outputs, so untrusted third‑party content can influence decisions and actions.