phd-literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's P2 "系统性文献检索" step explicitly instructs the agent to perform WebSearch queries against public sites (e.g., scholar.google.com, journals.sagepub.com, sciencedirect.com, cnki.net) and to ingest those search results into the workflow (with P2 outputs fed into P3 literature verification and P4 writing), so it clearly consumes untrusted/open-web third‑party content that can materially influence subsequent actions.