ljg-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required "执行 → 1. 获取内容" workflow explicitly fetches and ingests papers from public sources (e.g., "arxiv URL → WebFetch", "arxiv → 访问 HTML 版 (arxiv.org/html/...)", downloading PDFs, and WebSearch), meaning it reads untrusted third-party content that will directly influence its analysis and subsequent actions.