paper-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests public third‑party content (arXiv HTML/PDF, project homepages, DOI pages and arbitrary URLs from Zotero) as part of its required workflow (see SKILL.md image-fetch/WebFetch steps, references/image-troubleshooting.md, and paper_daemon.py call_claude_code which instructs fetching arXiv/project pages), so untrusted web content can directly influence parsing, classification, note generation and downstream actions, enabling indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill constructs runtime prompts that instruct the external model to WebFetch arXiv pages (e.g. https://arxiv.org/html/{arxiv_id} and https://arxiv.org/pdf/{arxiv_id}.pdf) to obtain paper HTML/PDF and images when no local PDF exists, so remote content is fetched at runtime and directly influences the agent's instructions and outputs.