citation-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's core workflow and scripts (e.g., scripts/search_google_scholar.py, scripts/search_pubmed.py, and scripts/extract_metadata.py --url) explicitly fetch and ingest content from open/public third‑party sources such as Google Scholar, PubMed, CrossRef, arXiv, doi.org and arbitrary article URLs as part of its required metadata-extraction and validation steps, meaning untrusted third‑party content is read/interpreted and can influence downstream actions (formatting, validation, auto-fix) — creating a clear avenue for indirect prompt injection.