skills/bighardperson/computer-science-skills-collection/paper-research-assistant/Snyk

paper-research-assistant

Warn

Audited by Snyk on Jun 24, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.85). 运行时会将用户提供的论文 PDF 文本（外部作者的内容）经 parse_paper.py 的 page.get_text() 提取为可读字符串并写入 paper_metadata.json，随后 generate_report.py 把 metadata['abstract']/sections/key_formulas 等字段拼接进 LLM上下文（报告生成）。

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Jun 24, 2026, 12:16 AM

Issues

1

Security Audit — snyk — paper-research-assistant