ljg-paper-river

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's execution steps explicitly require fetching and reading papers from open web sources (step "1. 獲取目標論文": "arxiv URL → WebFetch", "PDF → Read", "論文名稱 → WebSearch") and step 3 invokes a "Research skill" to recursively retrieve public papers, meaning the agent ingests untrusted third‑party web content and uses it to drive decisions and follow-up actions.