literature-search-openalex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill routinely fetches and ingests public third-party content from the OpenAlex API (https://api.openalex.org) and follows/arbitrarily downloads PDFs or fallback pdf_url/landing_page_url links found in work metadata (via scripts/openalex_cli.py), and SKILL.md requires listing those paper URLs in outputs—meaning untrusted external content is read and can change the agent's subsequent actions.