arxiv-watcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly fetches and parses public ArXiv content (via scripts/search_arxiv.sh, the ArXiv API XML entries like and , and optional web_fetch on PDF links), which the agent reads and uses to summarize and record papers—exposing it to untrusted third‑party content that could influence actions.