arxiv-paper-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The workflow explicitly requires web searches and opening/verifying source pages (e.g., "Verify every citation via web search + source page (and PDF if available) before adding to ref.bib" and use of scripts/arxiv_registry.py to search/export arXiv entries), which ingests public third‑party webpages/arXiv records that the agent must read and act on—allowing untrusted page content to influence citation selection and writing actions.