validate-bib

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to resolve and verify DOIs and metadata from external public sources (biblio MCP tools like scholarly_verify_dois and openalex_lookup_doi, resolving DOIs via https://doi.org, and web searches) as shown in SKILL.md and references/preprint-check.md, so it ingests untrusted third-party web content that can influence verification decisions.