gs-export

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses Google Scholar web pages (Step 1a: fetching the cite dialog from https://scholar.google.com and Step 1b: navigating to BibTeX pages on scholar.googleusercontent.com) and reads untrusted BibTeX/fullTextUrl content (Step 1c) which the agent interprets to decide what metadata to create, what PDFs to download, and what Zotero actions to perform, so third-party page content can materially influence tool use.