conf-papers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill programmatically fetches paper metadata and abstracts from public third-party sources (DBLP via dblp.org and Semantic Scholar API) as shown in scripts/search_conf_papers.py and the SKILL.md workflow, and it directly reads and uses that untrusted content (titles/abstracts/arXiv IDs) to score, select, and trigger follow-up actions (e.g., extract-paper-images, paper-analyze), so external content can materially influence decisions and tool use.