citation-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's core workflow and scripts (e.g., search_google_scholar.py, search_pubmed.py, extract_metadata.py with --url, and use of CrossRef/arXiv APIs) explicitly fetch and ingest open public third‑party content (Google Scholar, PubMed, arXiv, arbitrary URLs) whose metadata/contents are read and used to drive citation generation and auto-fix/validation actions, so untrusted or user‑submitted content can materially influence tool behavior.