arxiv-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill directly fetches and parses user-submitted papers from the public arXiv API (http://export.arxiv.org/api/query and arxiv.org PDF/abs URLs) — see scripts/arxiv_search.py and SKILL.md — and returns/uses titles/abstracts/links in workflows (search results, download, analysis), so untrusted third‑party content could materially influence subsequent actions.