google-scholar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md requires running the scholar CLI to search Google Scholar, fetch BibTeX entries (including abstracts/snippets) and optionally download PDFs from public sites like arXiv, meaning the agent will ingest and act on untrusted, user-generated/public web content (Google Scholar results and external PDFs) as part of its workflow.