paper-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires the agent to actively search and ingest public third‑party resources (e.g., GitHub repositories and their issues/discussions, Hugging Face dataset pages, papers on the web, and Twitter/X posts) as part of its core workflow (see SKILL.md "All other resources ... agent 主动搜索定位" and prompts like "检查官方 GitHub 仓库...关键 issue 和 discussion" in prompts/benchmark.md and prompts/methodology.md), so untrusted user-generated web content will be read and used to influence decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs the agent at runtime to search for and fetch external GitHub and Hugging Face pages (e.g., https://github.com/... and https://huggingface.co/...) and to extract raw README/data/config/code and inject those contents into the analysis prompts, meaning fetched external content directly controls the agent's prompt/context.