ai-paper-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes arbitrary external papers (e.g., "paper.pdf" via functions like smart_extract_figures/extract_embedded_images and crop_figure) and even includes MCP connectors (Notion/filesystem) for pulling documents, so it will read untrusted third‑party content that could carry indirect prompt injection.