presentations

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Paper2Web pipeline explicitly supports "automatic logo discovery" and a --enable-logo-search flow that requires GOOGLE_API_KEY / GOOGLE_CSE_ID (references/paper-to-web.md), and the pipeline/html2pptx workflows render HTML (references/paper-to-web.md and references/pptx.md) — showing the agent can fetch and ingest arbitrary public web content (logo/search results, remote assets) which are then interpreted and used in generation steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's Paper2All workflow includes an installation/runtime step that clones and runs code from https://github.com/YuhangChen1/Paper2All.git (git clone ... then python pipeline_all.py), which downloads remote code that is executed and used as a required dependency to control the pipeline, so it meets the criteria for a runtime external dependency that can control agent behavior.