bio-stats-ml-reporting

Warn

Audited by Snyk on Feb 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly calls the public Crossref REST API via the crossrefapi examples (see docs/crossrefapi.md and the workflow step "Validate references with crossrefapi" in docs/README.md). It ingests external bibliographic metadata from an open third-party site and uses those results to validate references and drive report decisions, so untrusted third-party content is read and can materially influence workflow behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 05:19 PM