paperbd-study-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs running "paperbd ask --arxiv <arxiv_id> --query """ (Step 5), which returns PDF passages from public third-party papers (arXiv/paperbreakdown.com) that the agent is expected to read and use to answer questions, thereby exposing it to untrusted third-party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill relies on the paperbd CLI and instructs running "paperbd ask" which fetches and prints PDF passages from Paper Breakdown (e.g., https://paperbreakdown.com) at runtime, and those fetched passages are injected into the agent's context and directly control what the agent answers.