ljg-paper-river

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Execution step 1 explicitly requires fetching and reading open/public sources (e.g., "arxiv URL → WebFetch", "PDF → Read", and "论文名称 → WebSearch" and use of the "Research skill") so the agent ingests and interprets untrusted, user/third‑party web content that directly drives recursive citation-following and subsequent actions.