wos-export

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Mode B in SKILL.md requires the agent/browser to be on public Web of Science pages (e.g., /summary/... or /full-record/...) and uses take_snapshot + click flows to read page content and drive export actions, so it ingests and acts on untrusted third‑party web content as part of its workflow.