arxiv

Audited by Snyk on Mar 2, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md workflow (步骤3: 执行搜索 / 步骤4: 整理结果, i.e. Step 3: run the search / Step 4: organize the results) and the included scripts/search.py explicitly fetch and ingest paper titles, abstracts and PDF URLs from the public arXiv website, a user-submitted and therefore untrusted third-party source. The agent then reads and summarizes those abstracts and uses them to drive recommendations and follow-up analysis, so instructions embedded in that content could reach the agent as an indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 2, 2026, 05:48 AM