humanities-thesis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly performs automated searches and fetches from public third‑party sources (see SKILL.md/README usage instructions and scripts/search.py plus the sources/* modules such as source_openalex.py and source_google_scholar.py, and the HTTP fetcher in scripts/lib/http_client.py), and those retrieved abstracts/pages are parsed and used by the agent (rendering, ranking, citation generation and downstream analysis), so untrusted external content can materially influence the agent's actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.95). The README/quickstart instructs the agent to install/clone and load the skill from https://github.com/ganzhi-black/humanities-thesis-skill at runtime (e.g., "git clone https://github.com/ganzhi-black/humanities-thesis-skill" and "Agent 会自动读取 SKILL.md 并加载全部功能"), which means external repository content (SKILL.md) is fetched at runtime and directly controls agent prompts/instructions.