paper2code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 0 and Input Processing explicitly download and convert arXiv PDFs via curl (arXiv URLs) and Phase 0's reference_search uses web searches and GitHub/public repos, so the agent ingests and analyzes open/public third-party (user-generated) content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly downloads user-supplied arXiv papers at runtime (example: curl -L "https://arxiv.org/pdf/xxxx.xxxxx.pdf" -o paper.pdf), and those fetched PDFs directly drive the agent's prompt/implementation behavior and are required for operation, so this is a runtime external dependency that can control instructions.