ljg-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md execution steps explicitly fetch and ingest public third‑party papers (e.g., "arxiv URL → WebFetch", "PDF → Read", and "论文名称 → WebSearch" under "执行 → 1. 获取内容", plus instructions to download images from arxiv.org), so the agent will read and act on untrusted public web content which can influence subsequent analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime WebFetch of user-supplied paper URLs (e.g., arxiv.org/html/...) and reads/downloads PDFs/images which are injected into the agent context to drive its prompt/output, so external content fetched at runtime can directly influence the agent's behavior.