figshare-data-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly opens arbitrary Figshare DOI/item/ndownloader pages in a real browser (SKILL.md step 2 and scripts/figshare_data_download.py which calls subprocess.run(["open", args.url])), so untrusted public Figshare page content can determine which file is downloaded and thereby materially influence the agent's actions.