Skills
skills/lijigang/ljg-skill-xray-paper/ljg-xray-paper/Snyk

ljg-xray-paper

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). Step 1 of the SKILL.md explicitly converts arXiv IDs/URLs to https://arxiv.org/html/... and instructs the agent to "WebFetch 抓取全文" (and also accepts other URLs/PDFs), and Step 3 requires the agent to read and interpret that fetched third‑party paper content to drive its analysis and outputs, so the skill clearly ingests untrusted public webpages/PDFs that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill explicitly converts arXiv identifiers/links into and WebFetches https://arxiv.org/html/... at runtime to load the paper HTML and inject that content into the agent's context for analysis, meaning https://arxiv.org/html/... is a runtime external dependency that directly controls the agent's prompts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 11:04 AM