paper-to-code

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts a "paper URL" as input (SKILL.md: "$0 — Paper PDF path, paper text, or paper URL") and the workflow and prompts require the agent to read and interpret the provided paper content ({paper_content}) to drive planning, design, and code generation, so untrusted public webpages/PDFs could inject instructions that alter agent behavior.