paper-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries and downloads papers from public/open sources (arXiv and OpenAlex) as shown in SKILL.md and scripts/paper.py, converts PDFs to Markdown and then reads that content via a shell cat for analysis, so untrusted third‑party content is ingested and used to drive subsequent analysis and note-writing.