Export items as formatted bibliography or citation data. Selection methods (use ONE): - itemKeys: Export specific items by their keys - collectionKey: Export all items in a collection - tag: Export all items with a specific tag - query: Export items matching a search query - exportAll: Export ent...
AI agents call export_bibliography to retrieve information from Zotero without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool reads items from the Zotero library and exports them in various citation formats (BibTeX, RIS, CSL JSON, formatted text). It performs no writes, deletions, or side-effecting operations. The only risk is exfiltrating library data, which is low severity given it's the user's own reference library.
From the tool's definition Export items as formatted bibliography or citation data — retrieves and formats existing reference data without modifying or deleting anything.
Attacks that exploit this kind of access
Export items as formatted bibliography or citation data. Selection methods (use ONE): - itemKeys: Export specific items by their keys - collectionKey: Export all items in a collection - tag: Export all items with a specific tag - query: Export items matching a search query - exportAll: Export entire library (use with caution for large libraries) Formats: - bibtex: BibTeX format for LaTeX - ris: RIS format for reference managers - csljson: CSL JSON for citation processors - bibliography: Formatted citation text (use. It is categorised as a Read tool in the Zotero MCP Server, which means it retrieves data without modifying state.
Register the Zotero MCP server in PolicyLayer and add a rule for export_bibliography: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Zotero. Nothing to install.
export_bibliography is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the export_bibliography rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for export_bibliography. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
export_bibliography is provided by the Zotero MCP server (xbghc/zotero-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →