paper-workbench
Warn
Audited by Snyk on Apr 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The normalize_paper.py script explicitly fetches and ingests content from open web sources (http_get/fetch_json/fetch_text/fetch_binary calling alphaxiv.org, api.crossref.org, arbitrary HTTP(S) URLs and remote PDF links) as part of the required "Normalize First" workflow, so untrusted third-party page content can directly influence normalization and downstream interpret/xray behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's normalize_paper.py fetches remote content at runtime (e.g., https://alphaxiv.org/abs/{arxiv_id}.md and https://api.crossref.org/works/{doi}), and that fetched markdown/metadata is injected into the paper-record and used as the model's factual/contextual input for interpret/xray modes, meaning those external URLs can directly control the agent's outputs.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata