gs-cited-by

Warn

Audited by Snyk on Mar 4, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates to and scrapes public Google Scholar "cited-by" pages: Step 2 uses mcp__chrome-devtools__navigate_page to open https://scholar.google.com/scholar?cites={DATA_CID}, and Step 3 runs an evaluate_script to extract titles, snippets and data-cid values. It then uses that extracted content to drive follow-up actions (pagination, export, recursive citation tracking), so untrusted third-party page content can materially influence agent decisions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 03:04 AM