research-pipeline-runner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly says networked pipelines may fetch arXiv/PDFs ("Network: depends on selected pipeline (arXiv/PDF/citation verification may need network)") and the runner requires following pipeline/unit SKILL.md to ingest and process those external papers, so the agent will read untrusted public third-party content (arXiv/PDF) as part of its workflow.