arxiv-tracker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches paper titles/abstracts/URLs from the public arXiv API in _fetch_papers (scripts/arxiv_engine.py) and injects those untrusted, third‑party texts into LLM prompts (prompts/evaluate.md and the trend prompts used in _llm_evaluate, _trend_round1/_trend_round2/_trend_render), allowing external content to directly influence selection, scoring, report generation, and downstream actions.