ljg-paper-flow

Fail

Audited by Snyk on Apr 11, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.80). The prompt explicitly instructs the agent to "強制 NATIVE 模式" and bypass the system's Algorithm seven-step lifecycle—an instruction that attempts to override higher-level execution/context control and therefore constitutes a hidden/deceptive override outside the skill's stated paper-reading/card-making function.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This workflow explicitly ingests user-supplied public papers (arXiv links, paper URLs, PDFs) and calls ljg-paper to read/interpret those third‑party documents as part of its required processing steps in SKILL.md (see "Takes one or more arxiv links, paper URLs, PDFs" and "步驟 A — 讀論文(ljg-paper)"), so untrusted web content can influence downstream actions.

Issues (2)

  • E004 (CRITICAL): Prompt injection detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 11, 2026, 01:49 AM
Issues: 2