skills/wentorai/research-plugins/zotero-reference-guide/Snyk

zotero-reference-guide

Warn

Audited by Snyk on Apr 2, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly parses reference sections and matches/ fetches metadata and PDFs from public third-party databases (Crossref, OpenAlex, arXiv, DBLP, SSRN, NBER, etc.) and displays/acts on those results, meaning untrusted, user-generated or public web content is ingested and can influence additions and actions in the Zotero library.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 2, 2026, 02:39 PM

Issues

1

Security Audit — snyk — zotero-reference-guide