init-latex-project

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's init.sh and sources.yaml explicitly auto-download official style packages from public third-party sites (e.g., icml.cc, neurips.cc, GitHub repos, CVF/media.eventhosts.cc) as part of the required setup, and SKILL.md also directs the agent to rely on external Overleaf compile logs/previews — meaning untrusted public content is fetched/ingested and can influence compilation and subsequent agent actions.