paper-interpreter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly downloads and reads public arXiv content (PDF, abstract page, and TeX source) as part of its required workflow (see SKILL.md steps 2–3 and scripts/bootstrap_arxiv_paper.py), so untrusted third‑party content can be interpreted and materially influence report generation.