arxiv-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and processes papers from public arXiv endpoints (e.g., https://arxiv.org/e-print/{id} and the arXiv Atom API at https://export.arxiv.org/api/query) as shown in SKILL.md and index.ts and returns full LaTeX/abstract text for LLM analysis, so untrusted, user-authored third-party content can directly influence agent behavior.