zotero-gpt-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Core Features (Paper Summarization and Question Answering) explicitly state the agent reads PDFs, abstracts, metadata, and user annotations from the user's Zotero library—i.e., arbitrary papers and user-imported content from public websites—which the agent ingests and uses to drive its outputs, creating a clear avenue for indirect prompt injection.