paper-audit

Fail

Audited by Snyk on Mar 18, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill explicitly requires reporting commands and their arguments/exit codes when scripts fail, and it documents CLI options that accept API keys (e.g., --tavily-key). If users supply secrets as command-line arguments, the agent would be forced to echo those secret values verbatim in its output, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). When --literature-search is enabled, the skill's SKILL.md "Literature Search Integration" (and Review Mode Phase 0) explicitly queries Semantic Scholar, arXiv, and optionally Tavily. The literature_reviewer_agent.md / review workflow requires reading those external search results to compute literature-grounding scores and inform agent judgments, so the skill ingests untrusted public web content that can influence decisions.

Issues (2)

HIGH W007: Insecure credential handling detected in skill instructions.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Mar 18, 2026, 06:22 AM
Issues: 2