Skills
skills/willoscar/research-units-pipeline-skills/agent-survey-corpus/Snyk

agent-survey-corpus

Warn

Audited by Snyk on Mar 15, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly downloads and extracts text from public arXiv PDFs (e.g., https://arxiv.org/pdf/{arxiv_id}.pdf as described in SKILL.md and .codex/skills/agent-survey-corpus/scripts/run.py), then reads and uses that extracted content to build style reports and guide pipeline writing, so untrusted third‑party content can influence agent decisions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 15, 2026, 01:59 PM
Issues
1