daily-papers-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill reads and directly uses enriched paper data (e.g., abstracts, method_summary, source/hf_upvotes fields) from the local file /tmp/daily_papers_enriched.json — which is populated from public sources like hf-daily/hf-trending/arXiv — and the agent is required to interpret that untrusted third-party content to make decisions and generate follow-up actions (reviews, saves, history updates), so it can be influenced by injected instructions in those sources.