paper-navigator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from open/public third-party sources (Semantic Scholar, arXiv, Jina Reader, GitHub, HuggingFace) — see scripts like fetch_paper.py, scholar_search.py, github_search.py and SKILL.md workflows (e.g., "Read a Paper by URL", arXiv monitoring, citation traversal, and find_code) — and the agent is expected to read and act on that content to drive searches, citation traversal, recommendations, and next steps, which can allow indirect prompt injection via untrusted user-generated pages/repos.