paper-slides

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt includes an explicit instruction to silently retry large-file writes via bash without asking the user for permission, which directs deceptive/stealthy behavior outside the user's consent expectations for a slide-generation skill.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill optionally runs tools/extract_paper_style.py when the user passes "--style-ref", accepting arXiv ids or http(s) URLs (public third‑party sources) and uses the resulting style_profile.md to steer slide structure, so untrusted web content can be ingested and materially influence generation.