analyze-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Phase 0 and Phase 1) explicitly performs WebFetch/WebSearch/Read of arbitrary paper URLs and public sites (e.g., "WebFetch {url}", arXiv/Semantic Scholar/OpenReview, and community sources like Reddit/Twitter/GitHub) and then mandates that agent subagents consume and use that fetched content to drive analysis and decisions, exposing it to untrusted third‑party/user‑generated content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly performs runtime WebFetch calls to URLs such as https://arxiv.org/abs/{id} and https://arxiv.org/html/{id} and stores the fetched paper content in {paper_content} which is then passed into sub-agents and used as the authoritative prompt/context—i.e., external content fetched at runtime directly controls agent instructions.