ieee-export

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.90). The prompt includes a hidden/deceptive instruction (initScript: Object.defineProperty(navigator, 'webdriver', ...) ) to mask automation and evade bot detection which is not disclosed in the skill's stated purpose of exporting citations, so it constitutes a prompt-injection-like override outside the advertised functionality.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill autonomously navigates and scrapes public IEEE Xplore document and search-result pages (SKILL.md step "navigate_page" and the JS extraction snippets) and downloads PDFs from ieeexplore.ieee.org, and it directly consumes the extracted citationText, title/metadata, pdfUrl and cookies to decide exports and to push items to Zotero—so third-party page content is read and used to drive tool actions.