paper-three-pass-extraction

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Pass 2 acquisition recipe (SKILL.md "Pass 2 acquisition recipe") explicitly instructs the agent to curl/download full-text PDFs and to WebFetch public HTML pages (e.g., arXiv, journal pages, PubMed PMC) and then read and interpret those third-party documents as part of its extraction workflow, which exposes the agent to untrusted public content that can influence subsequent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Pass 2 recipe explicitly downloads external PDFs at runtime (via curl to the caller-supplied "{pdf_url}" and the PMC fallback "https://www.ncbi.nlm.nih.gov/pmc/articles/PMC{pmc_id}/pdf/") and injects those fetched documents into the agent's Read/WebFetch context to drive its question-answering, so external content can directly control the agent's prompts/behavior.