ljg-paper-flow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly extracts arXiv links, paper URLs, or PDFs from the user's message (Step 1) and in Step A calls ljg-paper to read/ingest those external papers and produce org files, so the agent will fetch and interpret untrusted public/user-provided web/PDF content that can influence subsequent tool actions.