unpaywall-api
Warn
Audited by Snyk on Apr 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs calling the public Unpaywall API (GET https://api.unpaywall.org/v2/{doi}) and consuming fields like best_oa_location.url and url_for_pdf that point to arbitrary third-party repositories/publisher pages, so the agent reads and acts on untrusted public web content as part of its workflow.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).