paper-poster

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Optional: Style reference" section shows the agent can run tools/extract_paper_style.py on user-supplied sources (local file, arXiv id, or http(s) URL) to produce and ingest a cached style_profile.md that is then used to steer poster layout, so untrusted third‑party content can materially influence the agent's layout/decision workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's Phase 0 setup explicitly downloads and extracts/executes a remote TeX Live installer from https://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz (curl -L ... | tar xz and ./install-tl), which would run remote code at runtime to satisfy a required dependency (LaTeX), so it meets the criteria for a runtime-executed external dependency.