paper-plan

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill's optional --style-ref flow runs tools/extract_paper_style.py with arXiv IDs or http(s) URLs and reads the resulting $CACHE/style_profile.md (and uses it in the Gap Report and to shape the outline), so arbitrary public web/arXiv content is fetched and directly influences structural decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill invokes tools/extract_paper_style.py with a user-provided source and accepts http(s) URLs (e.g., https://arxiv.org/pdf/2501.12345.pdf), which will be fetched at runtime and whose extracted style_profile.md is used to directly guide/alter the agent's outline prompts — this remote URL fetch thus directly controls agent instructions when the optional --style-ref feature is used.