arxiv-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches and ingests abstracts from the public arXiv repository (see arxiv_search.py using arxiv.Client and the SKILL.md description), which is user-submitted third-party content that the agent reads and could influence its decisions or follow-up actions.