paper-check

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests arbitrary user-provided documents (e.g., via the --attach paper.pdf workflow) and can also perform web searches (--enable web_search_request) against public journal sites (e.g., nature.com, elsevier.com), so the agent will read and interpret untrusted third‑party/user-generated content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill itself is a harmless paper-review tool but it explicitly suggests using the flag "--dangerously-bypass-approvals-and-sandbox", which encourages bypassing sandbox/approval/security controls and thus pushes the agent toward compromising the host's security posture.