ieee-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent navigating and scraping IEEE Xplore pages (e.g., navigate_page to {BASE_URL}/stampPDF/getPDF.jsp and stamp/stamp.jsp and evaluate_script that reads document.body.innerText and iframe.src) and then uses that page content to decide navigation, downloads, and access handling, which exposes the agent to untrusted third-party web content that could indirectly inject instructions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs evasion of bot-detection (overriding navigator.webdriver) and automates interactive actions in the user's browser—a security-evasion behavior—though it does not request sudo, modify system files, or create accounts.