survey-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts arXiv IDs/URLs and "arxiv page dump" inputs and uses mcp__arxiv-mcp-server__download_paper and mcp__arxiv-mcp-server__read_paper to fetch and parse public arXiv pages (search results, author pages, paper PDFs/markdown), so the agent will read and interpret arbitrary third-party web content that could contain untrusted/user-provided text.