citation-assistant-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md includes code that directly fetches and ingests public, user-submitted metadata from OpenAlex (search_papers, get_citing_works, find_related using https://api.openalex.org) and CrossRef (get_bibtex via https://api.crossref.org), and the retrieved titles/concepts/metadata are parsed and used to drive searches, citation generation, and follow-up actions—therefore untrusted third-party content can influence the agent's workflow.