openalex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries the public OpenAlex API (api.openalex.org) and uses returned metadata (e.g., .content_urls.pdf, .best_oa_location.pdf_url, .locations[].pdf_url) to decide and perform PDF downloads — see scripts/openalex_download_pdf.sh and the SKILL.md PDF Retrieval / Europe PMC fallback — so it ingests open/public third‑party content that directly influences follow-up actions.