semantic-scholar-library-feed

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches and decodes live SSR HTML from https://www.semanticscholar.org/me/recommendations and paginates the /api/1/library/folders/recommendations and folder entries endpoints (see feed-crawl / ssr-dump in SKILL.md and decode_ssr_data_from_html/fetch_json in scripts/ss_store.py and scripts/semantic_scholar_cli.py), so untrusted third-party content from Semantic Scholar is read and interpreted and directly drives subsequent requests and folder-add actions.