lit-synthesis
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests external papers and annotations via the Zotero MCP (e.g., download_attachments, index_library, semantic_search in mcp/zotero-setup.md and SKILL.md) and via Docling PDF→markdown conversion, whose output is then fed into spawned reading agents (scripts/reading-agent-prompt.md). Those third-party texts are parsed and used to drive semantic searches, reading notes, mapping, and subsequent actions, so untrusted external content can materially influence the agent's behavior.