verify-translator

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs the agent to "Fetch and ingest" documentation from https://www.zotero.org/support/_export/raw/dev/translators and https://www.zotero.org/support/_export/raw/dev/translators/coding at runtime, which would directly inject external content into the agent's context and can therefore control prompts (prompt-injection risk).