openalex
Warn
Audited by Snyk on Feb 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests public OpenAlex content (e.g., the payload field returned by scry.openalex_find_works, scry.openalex_works.payload, and mv_openalex_papers/preview) and the SKILL.md workflow/recipes (reading-list builder, rerank handoff, semantic search) require the agent to read and act on that untrusted third‑party text, so third‑party payloads could indirectly inject instructions.