google-scholar-scraper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the skill directly fetches and parses public Google Scholar pages via the scholarly Python library (see the search_scholar and get_author_profile examples), so the agent ingests untrusted third‑party web content that is read and used to drive data collection, parsing, and downstream actions — enabling indirect prompt-injection risk.