scholar-citations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries the public OpenAlex API (https://api.openalex.org) in scripts/scholar_citations.py and SKILL.md describes returning titles and reconstructed abstracts which the agent is expected to read and "feed into analysis," so untrusted third‑party content could indirectly inject instructions that influence subsequent tool use.