arxiv-automation

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public, user-submitted content from arXiv (see the "Search Papers (arXiv API)" code using http://export.arxiv.org/api/query, the RSS feeds http://arxiv.org/rss/{category}, and the "Download PDF" flow), and the agent is required to read and summarize abstracts and PDFs as part of its workflow, so third-party text could materially influence decisions.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 07:54 AM