sci-extract

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly requires fetching and reading public third party papers (for example, SKILL.md Step 1: "Use web_fetch on the arXiv abstract page, then on the PDF/HTML version for full text") and mandates that the agent read and cite that fetched arXiv/DOI/PDF content as part of the Heilmeier analysis, so untrusted public web content can directly influence the agent's interpretation and subsequent actions.