arxiv-watcher
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly queries the public arXiv API (scripts/search_arxiv.sh calls https://export.arxiv.org), and its SKILL.md requires parsing abstracts and using web_fetch on PDF links to summarize content and append it to agent memory. Untrusted third-party paper text can therefore be read by the agent and materially influence its outputs and stored state.
Audit Metadata