pyzotero

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and processes arbitrary user/third-party content from Zotero libraries (e.g., downloading attachments and HTML snapshots via zot.dump/zot.file in references/files-attachments.md and retrieving full-text via zot.fulltext_item and qmode='everything' in references/full-text.md and SKILL.md), which the agent would read and could influence subsequent actions.