reference-finder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required documentation and workflow (SKILL.md, README.md, config.yaml, and CHANGELOG.md) explicitly describe multi-source searching and ingestion from public third-party sites (Google Scholar, arXiv, Semantic Scholar, PubMed and arbitrary search APIs/URLs), and those fetched results are used as input to generate and select references—meaning untrusted third‑party content would be read and could materially influence the agent's outputs.