daily-papers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's pipeline automatically fetches and parses open/public web content (e.g., fetch_and_score.py calls export.arxiv.org and huggingface.co APIs, enrich_papers.py curls https://arxiv.org/html/{arxiv_id}, and download_note_images.py downloads arbitrary external image URLs), treats that untrusted/user-generated content as input to enrichment/scoring/selection, and thus third-party pages can materially influence tool decisions and outputs.