sci-ppt

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill sends extracted PDF/text to external LLM APIs (paper_workflow._call_llm → Moonshot and parser.ai_parser._call_ai → Anthropic/OpenAI) and fetches rendered formula images from codecogs.com (generator/formula_renderer.py), then directly consumes those LLM/API responses to build ParsedData and drive pagination and PPT generation, so untrusted third‑party content can materially influence agent actions.