openalex-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill directly fetches public, third‑party content from the OpenAlex REST API (https://api.openalex.org) and the SKILL.md workflows explicitly instruct the agent to reconstruct abstracts, follow OA URLs, paginate/search results, and use retrieved metadata to drive downloads and analysis, meaning untrusted API content can materially influence actions.