paper-code-audit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to "Compare a paper's claims against its public codebase" as part of the /audit workflow, which implies fetching and reading untrusted public repositories (e.g., GitHub or other public codebases) that could contain user-generated content influencing the agent's decisions.