paper-write

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public third‑party content as part of its required workflow — e.g., the "Verified BibTeX Fetch" in Step 4 (curl calls to https://dblp.org and https://doi.org to retrieve BibTeX) and the optional --style-ref helper (tools/extract_paper_style.py accepts http(s) URLs or arXiv IDs and its cached style_profile.md is read and used as structural guidance) — and those external artifacts are parsed and used to drive drafting/bibliography decisions, so they could carry instructions that materially influence agent behavior.