openalex-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md and code (scripts/openalex_client.py and scripts/query_helpers.py) explicitly fetch and ingest data from the public OpenAlex API (https://api.openalex.org) and then parse and act on that returned works/authors/institutions data (searches, filters, aggregation, and analysis), so untrusted third‑party content from OpenAlex is read and can materially influence the agent's decisions and subsequent tool use.