read-arxiv-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and ingests public arXiv content (e.g., curl "https://arxiv.org/pdf/$ARXIV_ID.pdf" and reading the HTML/PDF per "Step 2" and image URLs "https://arxiv.org/html/{arxiv_id}v1/x1.png"), requiring the agent to read and act on untrusted third-party paper text and images as part of its workflow, which could enable indirect prompt injection.