hypogenic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly requires ingesting third-party content—e.g., cloning public GitHub datasets and adding research PDFs into literature/YOUR_TASK_NAME/raw/ for HypoRefine (processed via pdf_preprocess.py/GROBID)—so the agent will read and act on untrusted public content that can materially influence hypothesis generation and downstream actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs cloning and running code from the external GitHub repository https://github.com/ChicagoHAI/hypothesis-generation (and related dataset repos like https://github.com/ChicagoHAI/HypoGeniC-datasets.git and https://github.com/ChicagoHAI/Hypothesis-agent-datasets.git), and then running bundled scripts (e.g., ./modules/setup_grobid.sh and ./modules/run_grobid.sh) which means remote code is fetched and executed at runtime for the HypoRefine workflow, making these runtime external dependencies that execute code.