ljg-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and ingests public third‑party content (e.g., "arxiv URL → WebFetch" and "PDF → Read" in the "获取内容" / Execution section of SKILL.md), and the agent must read and interpret that external paper content to drive its analysis, file generation, and downstream decisions—creating a clear avenue for indirect prompt injection from untrusted web/PDF sources.