zotero-cli

Warn

Audited by Snyk on May 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's workflows (e.g., "zot add --url", "zot --json pdf", "zot update-status" using the Semantic Scholar API, and "zot workspace query" with PDF fulltext / exported JSON pasted into Claude Code) explicitly fetch and index public third-party content such as arXiv/DOI-resolved papers and Semantic Scholar results and then feed that untrusted content into RAG/query workflows, so external content can influence the agent's decisions.

Issues (1)

W011 | MEDIUM | Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 10:39 AM
Issues: 1