typst-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's bibliography workflow and referenced CITATION_VERIFICATION.md explicitly instruct the agent to call public APIs and fetch pages (Semantic Scholar, CrossRef, arXiv, doi.org) to retrieve and verify BibTeX and to "verify the claim you're citing" (see references/CITATION_VERIFICATION.md and references/modules/BIBLIOGRAPHY.md), so it will ingest and act on untrusted public third-party content.