literature-engineer
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests public third-party content (titles/abstracts/metadata) from arXiv (export.arxiv.org in _search_arxiv_once/_search_arxiv_paged and _fetch_arxiv_id_list) and Semantic Scholar via _semantic_scholar_request_json (r.jina.ai proxy) and then parses/uses those fields in its workflow, so it clearly consumes untrusted public content that could carry indirect prompt-injection payloads.
Audit Metadata