academic-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public third-party content (e.g., "arXiv URL — 使用者貼上 arXiv 論文連結，太奶會抓取論文內容" in paper-reading/SKILL.md), then reads and interprets that content as part of its workflow to produce analyses and actions, creating a clear avenue for indirect prompt injection from untrusted web sources.