hugging-face-paper-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (scripts/paper_manager.py) fetch and parse public, user-provided content — e.g., hf_hub_download of arbitrary repo README.md, requests.get against https://huggingface.co/papers/{arxiv-id} and the arXiv API in get_arxiv_info — and then read/interpret and incorporate that content (e.g., updating READMEs, generating citations), which exposes the agent to untrusted third-party input that could enable indirect prompt injection.