sci-zotero

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly includes a "fetch-pdfs" command that "automatically find[s] and attach[s] open-access PDFs" (and supports adding items by DOI/ISBN), which indicates the skill fetches and ingests content from open/public third-party sources (untrusted PDFs/webpages) as part of its workflow and those fetched contents could influence tool actions like attaching items or metadata.