ai-paper-reproduction

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The orchestrator explicitly reads the repository README and extracts documented commands (see SKILL.md workflow "Read README and repo signals" and scripts/orchestrate_repro.py calling repo-intake-and-plan/extract_commands.py) and may execute the extracted commands, so untrusted user-generated README content can directly influence tool execution and decisions.