paper-reading

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The workflow explicitly downloads and ingests papers from arbitrary "Other URL" sources (PDF download or WebFetch for text) in the "PDF Acquisition" section and then uses the Read tool to parse and act on that content, so the agent will fetch and interpret untrusted public web content as part of its routine (SKILL.md "PDF Acquisition" / "Download Flow" / "Read Content").