lit-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches and ingests public third-party content (e.g., the PMID-list ingestion uses curl to PubMed's eutils API and the workflow calls zotero_add_by_url/doi to pull metadata from external sites), and those externally sourced titles/metadata are parsed and used to decide Zotero additions, collection placement, and concept-extraction — so untrusted third-party content can materially influence tool actions.