survey-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and reads content from public arXiv pages/IDs (via "mcp__arxiv-mcp-server__download_paper", "mcp__arxiv-mcp-server__read_paper" and "arxiv page dump") and uses that untrusted third-party text to drive summarization, diagram generation, and follow-up actions, so third-party content can materially influence behavior.