academic-pdf-to-gfm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs agents to fetch and ingest public web content (e.g., "Look for the paper on arxiv.org" with curl to download .tex source and "spawn resolver agents to search online for authoritative third‑party sources" in Phase 3), meaning untrusted third‑party pages are read and used to resolve discrepancies and drive fixes, which could enable indirect prompt injection.