paper-analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires WebFetch/WebSearch of public third-party sites (e.g., Phase 0 URL handling and Phase 1 agent prompts that instruct visiting arXiv, Semantic Scholar, OpenReview, blogs, Google Scholar, GitHub, etc.) and mandates using that fetched, user/third‑party content to verify facts and drive the analysis, so untrusted external content can influence the agent's decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill issues runtime WebFetch calls (e.g., WebFetch https://arxiv.org/abs/{id}) to retrieve paper content which is then injected into subagent prompts and is required for the analysis workflow, so the external URL directly controls agent inputs at runtime.