ljg-paper-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public/arXiv paper URLs, PDFs, or paper names from user messages and then calls ljg-paper to read and analyze those external documents (see SKILL.md "Takes one or more arxiv links, paper URLs, PDFs..."; Step A calls ljg-paper with the paper source), so it will read untrusted third‑party content that can influence subsequent outputs and actions.