paper-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill sends user/third-party papers to the SoMark service (https://somark.tech) and then explicitly reads the generated Markdown/JSON outputs ("After the script finishes, read the generated Markdown and extract the following structured fields" in SKILL.md and paper_digest.py), so it ingests untrusted/user-generated content from an external parser and uses that content to drive extraction/decisions for the research card.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill at runtime calls the SoMark API (https://somark.tech/api/v1 — e.g. https://somark.tech/api/v1/parse/async and /parse/async_check) to fetch parsed Markdown/JSON outputs which are then read and injected into the agent's prompt/context to drive the extraction, and the skill requires that external service (SOMARK_API_KEY), so remote content controls the agent input.