alphaxiv-paper-lookup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly fetches and ingests public, third-party content from alphaxiv.org (https://alphaxiv.org/overview/{PAPER_ID}.md and https://alphaxiv.org/abs/{PAPER_ID}.md) and directs the agent to read and use those reports/full texts to produce analyses, so untrusted web content could contain instructions that materially influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill performs runtime fetches from https://alphaxiv.org/overview/{PAPER_ID}.md (with a fallback to https://alphaxiv.org/abs/{PAPER_ID}.md) and injects the returned machine-readable markdown into the model context to drive its responses, so external content directly controls agent prompts and is a required dependency.