hypogenic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly ingests public third‑party content (e.g., git clone of GitHub example datasets and the "Literature Processing" / HypoRefine workflow that directs users to place research PDFs in literature/... and run modules/pdf_preprocess.py with GROBID), and those documents are read and used to generate/refine hypotheses—so untrusted external content can materially influence agent decisions.