inno-rclone-to-overleaf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly uses pyoverleaf to read and download user-created Overleaf project files (see SKILL.md and the CLI examples like pyoverleaf read and the "When pulling from Overleaf" workflow that downloads to /tmp, diffs, and instructs the agent to summarize and ask how to proceed), meaning untrusted third‑party project content is fetched and must be interpreted to drive decisions (merge/overwrite) — enabling indirect prompt injection.