bib-validate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs runtime fetching and interpretation of open web sources (e.g., using the scholarly CLI to query OpenAlex/Scopus/WoS with scholarly scholarly-search, resolving DOIs via https://doi.org, using the Crossref REST API and WebFetch, and spawning sub-agents to read landing pages) to decide DOI validity, fabrication, and to drive fix actions, which clearly ingests untrusted third‑party content that can influence downstream tool use and decisions (see SKILL.md and references/deep-verify.md).