literature-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill (scripts/lit_search.py and SKILL.md) explicitly queries public third‑party APIs — Semantic Scholar, OpenAlex, Crossref, and PubMed — to fetch full abstracts/TL;DRs and instructs the agent to extract findings and synthesize/draft review sections from that content, so untrusted public content can directly influence the agent's decisions and outputs.