auto-paper-improvement-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Optional: Style reference" flow runs tools/extract_paper_style.py on a user-provided source (accepting arXiv ids and http(s) URLs) and explicitly uses the cached style_profile.md during the fix-implementation phase to nudge structural edits, meaning the agent fetches and interprets public third-party content that can influence its editing decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs the helper "python3 tools/extract_paper_style.py --source """ at runtime and explicitly accepts an http(s) URL as a valid --style-ref source whose cached output (CACHE/style_profile.md) is then used to steer the fix-implementation phase, so a remote http(s) URL provided at runtime can directly influence agent editing instructions.