research-writing-assistant

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The repository explicitly instructs the agent to perform multi-source literature retrieval and parse external materials (e.g., scripts/scholar_search.py and pdf_parser.py referenced in CLAUDE.md, and modules/literature-review.md which directs searching Google Scholar/PubMed/IEEE Xplore/arXiv and ingesting user-provided CNKI abstracts), and it requires the agent to read/interpret those public third‑party sources as part of its mandatory workflow (evidence maps, citation verification, LaTeX template parsing), so untrusted web content can materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The modules/environment-setup script downloads and then executes Miniconda installers from https://repo.anaconda.com/miniconda/Miniconda3-latest-MacOSX-arm64.sh (and the corresponding x86_64 and Windows installer URLs) as part of the setup flow, which is a runtime fetch of remote executable code that the skill relies on for environment setup.