overleaf-cli-guide

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs fetching user-generated project content from public third-party Overleaf (e.g., "git clone https://git.overleaf.com/YOUR_PROJECT_ID" and the overleaf-sync commands like "ols download" / "ols upload"), and those downloaded project files are read, compiled, and used to decide subsequent actions (e.g., push/sync/resolve conflicts), so untrusted third-party content could materially influence tool use.