oma-scholar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and consumes public, user-generated sidecars and metadata from third-party sites (knows.academy via the /api/proxy endpoints and OpenAlex) as part of its Remote/Analyze/Generate workflows (see SKILL.md, resources/api-endpoints.md, and resources/execution-protocol.md), so untrusted external content is read and used to drive LLM outputs and tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime fetches (e.g., curl "https://knows.academy/api/proxy/..." and calls to "https://api.openalex.org/...") to retrieve sidecars/abstracts that are injected into the LLM context to drive generation/analysis, so remote content directly controls prompts.