ieee-paper-detail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly navigates to and evaluates arbitrary IEEE Xplore article pages (Step 1: navigate_page to the article URL; Step 3: evaluate_script reads document content), which are open/public third‑party pages whose content the agent parses and uses to produce outputs, creating a clear vector for indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill injects an initScript that overrides navigator.webdriver to evade bot detection—an explicit instruction to bypass anti-automation security mechanisms—so it should be flagged even though it doesn't modify system files or request sudo.