daily-papers-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests enriched paper data from /tmp/daily_papers_enriched.json (produced by the separate "跑一下论文抓取" step) which contains public third‑party sources like hf-daily, hf-trending and arXiv and that content is read and used to drive critiques, ranking, and saving actions, so untrusted web-originated content can materially influence the agent's decisions.