typst-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's bibliography verification workflow (see references/CITATION_VERIFICATION.md and references/modules/BIBLIOGRAPHY.md) explicitly instructs using public APIs and services such as Semantic Scholar, CrossRef, arXiv, and Exa MCP to search for and fetch BibTeX/metadata, so the agent will fetch and interpret untrusted public web content that can materially affect citation decisions and follow-up actions.