academic-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required workflow (Core Logic Steps → Literature Search / Research & Write flow) explicitly instructs the agent to call the external "academic-research-hub" to search public sources (e.g., arXiv) and ingest BibTeX/paper content, which are untrusted third‑party publications that the agent will read and use to drive writing and citation actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs installing system-level packages with sudo (e.g., sudo apt-get install texlive-full, latexmk) and exposes tools that write/overwrite files and run system commands, which modify the machine's state and require elevated privileges.