literature-verifier

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses open/public third-party content (e.g., CrossRef API calls, arbitrary publisher URLs via scripts/verify_url.py and WebFetch, CNKI/Wanfang/Baidu Scholar web searches and CNKI CDP navigation to https://kns.cnki.net/AdvSearch), and that untrusted page content is read and interpreted as part of the verification workflow to determine verdicts and next actions, so it can enable indirect prompt injection.