replicate-study

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests arbitrary external papers via the Input "Source paper: PDF, DOI, or markdown" and Phase 1 ("Read the source paper (PDF → text, or markdown)"), meaning it fetches and interprets third‑party/public documents whose contents directly drive variable mapping, code generation, and analysis decisions.