methodology-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill collection explicitly instructs the agent to fetch and ingest public, user-generated content as part of normal workflows — for example, osf-api-guide shows curl/requests calls to read OSF preprints/registrations, scientify-idea-generation prescribes arxiv_search and curl to download arXiv paper sources, and the slr-automation/parsifal guides describe database searches (PubMed/Scopus) — and that fetched content is then read and used to drive idea generation, literature synthesis, and pipeline decisions, which could allow indirect prompt injection from untrusted third-party pages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scientify-idea-generation skill explicitly instructs the agent to fetch remote content at runtime (e.g., "git clone --depth 1 {repo_url} $WORKSPACE/repos/{name}" and "curl -L "https://arxiv.org/src/{arxiv_id}\" | tar -xz -C $WORKSPACE/papers/{arxiv_id}"), which would cause externally hosted code/paper sources to be loaded and directly control the agent's inputs and generated prompts.