paper-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Optional: Style reference" flow in SKILL.md accepts arXiv IDs and http(s) URLs and runs tools/extract_paper_style.py to fetch a cached style_profile.md from those public sources, which the agent then reads and uses as structural guidance for the outline (section ordering, subsection/theorem density, figure budget), enabling untrusted third-party content to influence decisions.