reference-organizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Flagged because SKILL.md explicitly instructs the agent to fetch and parse open/public web content (e.g., "普通网页… 优先使用网页内容抓取工具（如 mcp_DuckDuckGo_Search_Server_fetch_content）") and the provided scripts call public APIs (arXiv export API and Crossref) so untrusted/user-generated web content is ingested and directly used to drive metadata extraction and citation-generation decisions.