research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Phase 2/3 in SKILL.md) explicitly instructs the agent to run web searches and scrape arbitrary URLs (firecrawl.sh) and to fetch paper summaries from AlphaXiv (alphaxiv.org via scripts/alphaxiv.sh), so the agent will ingest untrusted third‑party web/user‑generated content and use it to drive decisions and follow‑up actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The included scripts/alphaxiv.sh perform runtime curl fetches from https://alphaxiv.org (e.g., /overview/{id}.md and /abs/{id}.md) and the fetched markdown is injected as structured paper summaries that the agent is required to use (marked MANDATORY), so remote content from https://alphaxiv.org can directly control the agent's prompts/context.