fulltext-retrieval
Warn
Audited by Snyk on Apr 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill fetches and ingests content from open/public third-party sources (Unpaywall, Europe PMC/NCBI PMC, OpenAlex, Crossref, and arbitrary publisher "landing pages" via fetch_oa.py's gather_candidates/download_from_landing/scrape_pdf_candidates) and then converts the downloaded PDFs to Markdown for LLM consumption (via pdf_to_md.py; SKILL.md explicitly notes that Claude Code will "Read" or "Grep" the content). Untrusted web/PDF content can therefore be read by the model and materially influence downstream tool decisions and prompts.
Issues (1)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
Audit Metadata