literature-skill

Warn

Audited by Snyk on Mar 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill explicitly calls the public Semantic Scholar MCP at runtime (see "All paper metadata sourced from Semantic Scholar MCP at runtime" and "Step 3: Execute Search and Build Result Cards", which calls mcp__semantic-scholar__papers-search-basic and mcp__semantic-scholar__get-paper-abstract). It ingests and displays open third-party paper metadata and abstracts, which the agent reads and uses to select papers and generate BibTeX, so untrusted external content can materially influence its decisions.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 11:31 AM
Issues: 1