scientific-toolkit-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The citation-management skill's SKILL.md and scripts (e.g., search_google_scholar.py, search_pubmed.py, extract_metadata.py) explicitly fetch and ingest content from open/public sources (Google Scholar, PubMed, CrossRef, arXiv, arbitrary article URLs), which the agent is instructed to read, extract metadata from, and act upon (format/validate BibTeX and drive follow-up processing), so untrusted third‑party content can directly influence tool use and decisions.