paper-formatter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly asks for a "Sample paper (范文)" from the target journal in SKILL.md Step 1 and then programmatically ingests and analyzes that .docx/.tex (see scripts/analyze_docx.py and scripts/generate_latex.py), using extracted style rules (fonts, headers/footers, citation setup) to drive document generation—so arbitrary third‑party/user‑provided documents are parsed and can materially change tool behavior (e.g., chosen LaTeX packages, \setmainfont/\setCJKmainfont insertion, header/footer), creating a clear injection surface.