mcp-zotero

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask for Zotero Library ID and API/local keys and to write them verbatim into the .mcp.json (or include them in configuration), which requires the LLM to handle and embed secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow and guides (e.g., SKILL.md "Integration with reading-agent" and guides/attachments.md and guides/search-retrieve.md) explicitly instruct the agent to call get_item and download_attachments to retrieve PDFs/notes from a Zotero library (user-provided or imported public materials), which the agent is expected to read and which can materially influence subsequent actions (feeding content to reading-agent, creating/updating items), so it consumes untrusted third‑party content as part of runtime behavior.