citation-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs ingesting content from public third-party sources (e.g., "use browser extension to capture from publisher pages, PubMed, Google Scholar, or arXiv" and mentions using the OpenAlex API), meaning untrusted/user-generated web content is fetched and interpreted as part of citation-capture and decision workflows, which could allow indirect prompt-injection to influence tool actions.