lit-synthesis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests full-text PDFs and annotations from a user's Zotero library via Zotero MCP (e.g., zotero_get_item_metadata, zotero_get_annotations and Zotero's "Find Available PDF"/Web API), which can pull arbitrary, public or user-provided web content that the agent will read and interpret.