paper-interpreter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and bootstrap script explicitly fetch and ingest public arXiv content (the arXiv API/abstract page, PDFs at https://arxiv.org/pdf/..., and TeX sources via https://arxiv.org/e-print/...), and the agent is instructed to read and use those materials (metadata.json, TeX source, PDF) to generate reports and decide follow-up actions, so untrusted third-party content could influence behavior.