paper-analyzer
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow (Step 1 of SKILL.md) explicitly instructs the agent to fetch and add public web papers (e.g., "notebooklm source add 'https://arxiv.org/html/'") and use NotebookLM/Semantic Scholar/web-fetcher to read those third‑party pages, which the agent is expected to interpret and use to drive analysis—meeting all criteria for exposure to untrusted, user-provided web content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires adding remote paper content at runtime into NotebookLM using URLs like "https://arxiv.org/html/" (fallback "https://arxiv.org/abs/") and also suggests calling the Semantic Scholar API ("https://api.semanticscholar.org/graph/v1/paper/ArXiv:?fields=..."), which injects external document content into the agent's context and is a required dependency for generating its analyses.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).