zotero-api

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt's examples explicitly show embedding an API key directly in curl headers and code (e.g., "Zotero-API-Key: YOUR_API_KEY"), which would require an agent to include user-provided secrets verbatim in generated commands or code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent fetching public, user-generated Zotero content via endpoints like GET https://api.zotero.org/users/{userID}/items and https://api.zotero.org/groups/{groupID}/items (e.g., the example curl for public group libraries and the sync/tag-analysis workflows), so the agent will read and act on arbitrary third-party library data that could contain untrusted instructions.