citation-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's core workflow and scripts (e.g., scripts/search_google_scholar.py, scripts/search_pubmed.py, and scripts/extract_metadata.py) explicitly fetch and ingest content from open/public third‑party sources (Google Scholar, PubMed, CrossRef, arXiv and arbitrary URLs) and use that metadata to drive validation, auto‑fixing, and generation decisions, so untrusted third‑party content can materially influence the agent's actions.