citation-bibliography-tooling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests raw metadata and publisher pages from public third-party sources (see references/citation-bibliography-policy.md and references/repository-contract.md listing Crossref, OpenAlex, Semantic Scholar, arXiv, PubMed, DBLP, Zotero, and publisher pages), and the required workflow expects the agent to read and normalize that content to drive deduplication, ledger updates, and audit decisions, so untrusted external content can influence agent actions.