arxiv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly fetches and parses public arXiv pages (requests.get("https://arxiv.org/abs/{id}") in arxiv_download/src/retrieve.py and requests.get("https://arxiv.org/pdf/{id}.pdf") in arxiv_download/src/article.py) and then uses the retrieved title/authors/abstract to build filenames, BibTeX entries, and drive show/get/bib actions, so third‑party web content can materially influence tool behavior.