thesis-standardizer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's literature harvest and PDF workflows explicitly fetch and ingest open/public third‑party content (see references/literature-harvest-workflow.md and scripts like run_keyword_harvest_no_dedup.py, continue_download_and_dedup.py, and extract_pdf_references.py), and that ingested, untrusted literature/HTML/PDF is read and used to drive citation selection, drafting, and follow-up actions—so external content can materially influence the agent's decisions.