citation-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill ingests public third‑party content (e.g., scraping Google Scholar via scripts/search_google_scholar.py, querying PubMed/CrossRef/arXiv in scripts/extract_metadata.py, and accepting arbitrary --url inputs) which the agent is expected to read/interpret as part of its workflow, exposing it to potential indirect prompt injection.