latex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Critical Rules explicitly require verifying BibTeX entries "against web sources (CrossRef, Google Scholar, DOI lookup)" (SKILL.md — "NEVER write BibTeX entries from memory"), which directs the agent to fetch and interpret public third-party content as part of its workflow and thus could let that content influence actions.