research-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries open/public third-party sources via OpenRouter/Perplexity Sonar to "search academic papers, recent studies" and uses WebSearch for news/blogs (see "OpenRouter API Configuration" and "Complementary Tools" in SKILL.md), so the agent ingests and acts on untrusted external content as part of its workflow.