hypogenic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's HypoRefine/Union workflows explicitly ingest open third-party content — e.g., instructions to git clone public datasets (GitHub repos) and to add/process research PDFs placed in literature/YOUR_TASK_NAME/raw/ using GROBID and pdf_preprocess.py — and the agent is expected to read/interpret that literature/dataset content to generate/refine hypotheses that materially influence downstream decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs cloning external dataset/config repos (e.g., https://github.com/ChicagoHAI/HypoGeniC-datasets.git and https://github.com/ChicagoHAI/Hypothesis-agent-datasets.git) and then runs hypogenic with config.yaml from those repos, so content fetched at runtime can directly supply prompt templates that control the agent's prompts/instructions.