biorxiv-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests public, user-generated preprint content from bioRxiv (e.g., via BASE_URL "https://api.biorxiv.org" in scripts/biorxiv_search.py and by downloading PDFs from "https://www.biorxiv.org/content/...v{version}.full.pdf"), including abstracts, JATS XML and full-text PDFs which the agent reads and formats, so it clearly consumes untrusted third‑party content that could carry embedded instructions.