paper-to-course

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read open-web content (e.g., construct arXiv PDF URLs and "Use WebFetch or Read" for arXiv/DOI in SKILL.md Phase 1, and "Use WebSearch" for related papers/blogs in Phase 2 and README), so it ingests untrusted public third‑party content which the agent is expected to interpret and use to drive course-building decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs constructing and fetching arXiv PDFs at runtime (e.g., https://arxiv.org/pdf/xxxx.xxxxx) and to resolve DOIs via WebFetch, and the fetched paper content is read and injected into the agent's workflow to generate the course (i.e., it directly drives the agent's prompts/output).