chat-with-arxiv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly queries the public ArXiv API (examples/arxiv_paper_retriever.py) and downloads/reads arbitrary paper PDFs from arxiv.org (examples/paper_content_processor.py), ingesting public, user-submitted content that the agent uses as context for answering questions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill downloads paper PDFs at runtime from paper["pdf_url"] (e.g., https://arxiv.org/pdf/.pdf) via requests.get and extracts/injects their text into the LLM context to generate answers, so externally hosted document content can directly influence prompts/output.