document-skills

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs fetching and parsing papers from public web sources (e.g., paper-parse-guide "Input Sources" which resolves DOIs via CrossRef/Unpaywall, downloads arXiv PDFs via https://arxiv.org/pdf/{id}, and accepts direct URLs) and also calls external services (e.g., AnyStyle API at https://anystyle.io/), meaning the agent ingests untrusted third-party content as part of its workflow that can influence downstream analysis and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). Yes — the DocsGPT and GROBID instructions explicitly fetch and run remote code (git clone https://github.com/arc53/DocsGPT and git clone https://github.com/kermitt2/grobid plus Docker image pulls) which are required setup steps that download and execute external code used at runtime.