paper-review

Fail

Audited by Snyk on Mar 10, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt requires/encourages handling of API keys (asks the user for an API key, references env vars, and gives examples like curl -H "Authorization: Bearer ") which promotes embedding secret values directly into CLI commands and troubleshooting steps, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly describes a BibTeX verification step that cross-checks references against public third-party sources (CrossRef/arXiv/DBLP) and also instructs searching the web for the latest vision-capable models during model selection, so the skill fetches and interprets open/public third‑party content (SKILL.md and reference.md) that can materially influence verification and model-selection decisions.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 10, 2026, 02:47 PM