external-gitcode-ascend-arxiv-recommendation-npu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly ingests untrusted public content: fetcher.py (and SKILL.md) uses deepxiv to pull raw arXiv paper data and extract GitHub links, and source_detector.py then queries the GitHub API and git-clones arbitrary public repositories—content from those third-party sources is parsed and used to decide cloning and subsequent migration tasks, so external content can materially influence actions.