paper-notes

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (scripts/run.py) explicitly load and process external paper text and metadata (via papers/fulltext_index.jsonl -> papers/fulltext/*.txt and dedup/metadata/abstracts) and then infer methods/key_results/limitations and build an evidence_bank from those arbitrary third-party paper contents, so untrusted/public text is read and can materially influence downstream decisions.