Skill: paper-illustration
Verdict: Warn
Audited by Snyk on May 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md documents an optional --style-ref flow that runs tools/extract_paper_style.py on sources including http(s) URLs and arXiv IDs, then uses the produced style_profile.md as structural guidance for prompt generation. The agent therefore ingests untrusted public third-party content (web/arXiv) that can materially influence prompts and generation.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). At runtime the skill performs POST requests to Google's Generative Language endpoints (e.g., https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-preview:generateContent and https://generativelanguage.googleapis.com/v1beta/models/gemini-3-pro-image-preview:generateContent), and the responses (layout_description/style_spec/images) are read back and injected into subsequent prompts and rendering steps. These external URLs are required at runtime and directly control the agent's prompts.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).