arxiv-mcp

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 0.70). The prompt includes a "Memory Protocol" that explicitly tells the agent to read and write local .claude/context/memory files and to "ASSUME INTERRUPTION", which directs behavior outside the arXiv search/retrieval purpose (accessing and persisting internal agent memory), so it contains deceptive/out-of-scope instructions that could affect agent state or leak sensitive context.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly directs the agent to fetch and parse live content from the public arXiv API (http://export.arxiv.org/api/query) and via Exa searches of site:arxiv.org, ingesting untrusted, user-submitted abstracts/metadata which the agent is expected to read and use to drive follow-up searches and actions.