autoresearchclaw-autonomous-research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's pipeline explicitly performs "real API calls to arXiv + Semantic Scholar" in Stage 4 (LITERATURE_COLLECT) and offers a "use_web_fetch" live web search option, so the agent fetches and ingests external public web content (arXiv/Semantic Scholar and live web pages) that it reads and uses to drive literature extraction, hypotheses, experiment design, and other decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The installation instructions require cloning and installing remote code from https://github.com/aiming-lab/AutoResearchClaw.git (git clone + pip install -e .), which fetches and executes external code that the skill depends on and which can directly control agent behavior or execute code at runtime.