cite-them-all

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and ingests content from public third-party literature sources (PubMed/PMC and bioRxiv/medRxiv) — e.g., SKILL.md "Search PubMed ... using search_articles/get_full_text_article" and workflows/04-reference-search.md / workflows/03-existing-refs-check.md describe using get_full_text_article, search_preprints and get_preprint — and the agent is required to read and act on those abstracts/full texts to choose/insert citations, so untrusted third-party content can materially influence its decisions.