zotero
Warn
Audited by Snyk on Feb 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill fetches and parses bibliographic content from public third-party sources (e.g., https://doi.org, https://data.crossref.org, the CrossRef API, and arbitrary DOI/URL inputs) and can save web page snapshots. It consumes that untrusted external content as part of its import workflow, which could enable indirect prompt injection.
Audit Metadata