research-repo-reproduction

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md step 1 and Trusted Reproduction Flow) explicitly directs the agent to read README, configs, scripts, and run documented commands from external repositories, and the repository contract references ingesting public sources/metadata (e.g., arXiv, Semantic Scholar, OpenAlex) — untrusted third-party content that can directly influence which commands/tools the agent executes.