daily-papers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required pipeline (SKILL.md: automatic /daily-papers-fetch → /daily-papers-review → /daily-papers-notes) invokes scripts that fetch and parse open web content — e.g., fetch_and_score.py fetching https://huggingface.co/api/daily_papers and the arXiv API (export.arxiv.org), enrich_papers.py curling arxiv HTML/abs pages and PDFs, and download_note_images.py downloading arbitrary external image URLs — and that untrusted, public content is parsed and used to score/enrich/select papers, so it can materially influence the agent's decisions and actions.