auto-paper-demo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs the agent to fetch and ingest public paper content from alphaxiv.org (overview/{PAPER_ID}.md) and arxiv.org (https://arxiv.org/pdf/{PAPER_ID}) to drive the notebook generation, so untrusted, user-published web content is read and used to decide actions and produce code/storyline.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches runtime content from https://alphaxiv.org/overview/{PAPER_ID}.md (with fallback https://alphaxiv.org/abs/{PAPER_ID}.md) and uses that returned markdown as structured paper content injected into the agent’s context/instructions, so this external content directly controls prompts and is a required dependency.