paper-analyzer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit insecure example that passes the MinerU API token directly on the command line (python scripts/mineru_api.py paper.pdf ./output YOUR_TOKEN), which would require embedding the secret verbatim in generated commands and creates an exfiltration risk despite recommending env vars elsewhere.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts and processes arbitrary external PDFs via MinerU (see scripts/mineru_api.py which supports submit_task(pdf_url) and download_result that extracts .md/.images) and can also fetch/clone public GitHub repos for code analysis (styles/with-code.md), so it ingests untrusted public third‑party content that the agent will read and interpret.