zotero-ai-butler-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests papers from open third-party sources (e.g., "Zotero Sci-Hub → Fetch PDF" and selecting/importing papers in Zotero) and uses that untrusted document content for summarization, Q&A, auto-tagging, and reading-list generation, so arbitrary/public document text could influence model outputs and downstream actions.