zotero-obsidian-bridge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly reads Zotero items (metadata, full text, annotations) from a target collection via the MCP transport or local zotero-mcp and even treats Zotero "webpage" items as valid inputs (see SKILL.md Default workflow step 2 and references/PAPER-NOTE-SCHEMA.md), so it ingests untrusted third-party content whose text the agent interprets and synthesizes into notes and canvases, which could materially influence subsequent actions.