aut-sci-ppt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's PDF->outline workflow calls external LLM APIs and uses their textual responses as part of core processing (see src/aut_sci_ppt/paper_workflow.py -> _translate_sections/_call_llm which sends sections to the Moonshot API, and src/aut_sci_ppt/parser/ai_parser.py -> _call_ai which calls Anthropic/OpenAI), so untrusted third-party generated content is ingested and directly influences parsing and PPT-generation decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill makes runtime calls to external LLM endpoints that directly control agent behavior and are required by workflows—specifically https://api.moonshot.cn/v1/chat/completions (used in paper_workflow._call_llm) and the AI API endpoints https://api.anthropic.com/v1/messages and https://api.openai.com/v1/chat/completions (used in parser/ai_parser._call_ai) which will fetch model outputs that directly determine prompts/results and will raise/abort when the corresponding API keys are missing.