journal-adapt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 workflow explicitly requires the agent to ingest and read a user-supplied "primary corpus" and optional secondary corpus PDFs/Markdown (see "Step 1 — Collect inputs" and "Step 3 — Extract Paper Style Cards") and to convert/read those papers (via MinerU in "Step 2") so untrusted third‑party papers could directly influence generated rules and subsequent revision actions.