zotero-synth

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (notably scripts/zotero_client.py via _get_pyzotero/_web_items/_web_children/_web_detail) can call the Zotero web API (zotero.org) to fetch user- or group-provided items/notes/attachments and scripts/pdf_extract.py extracts PDF text, which the agent then reads and summarizes—i.e., it ingests untrusted user-generated third-party content from Zotero/web libraries.