arxiv-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (scripts/arxiv_monitor.py -> _run_search calling the sibling arxiv-search script/SEARCH_SCRIPT) and the SKILL.md explicitly query the public arXiv API and ingest returned paper metadata/abstracts (public, user-submitted content) which the agent reads and uses to decide which papers to present or analyze, so untrusted third‑party content can influence actions.