arxiv-watcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly queries the public ArXiv API (scripts/search_arxiv.sh) and can fetch arXiv PDFs via web_fetch, so it ingests untrusted, user-submitted external content that the agent must read/summarize and then acts on (e.g., presenting results and appending summaries to memory), which could enable indirect prompt injection.