daily-papers-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly fetches and parses public third‑party content (Phase 1+2: fetch_and_score.py pulls from HuggingFace Daily/Trending APIs and the arXiv API; Phase 3: enrich_papers.py curls HTML/PDF pages) and uses that untrusted, user-submitted web content to score, select, and enrich papers—behavior that can materially influence downstream decisions/actions.