arxiv-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly queries the public arXiv API (http://export.arxiv.org) and downloads PDFs from arxiv.org, ingesting public, author-submitted abstracts and paper content that the agent is expected to read and act on (e.g., summarize or decide which PDFs to download), so untrusted third-party content could influence behavior.