paper-fetch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries and scrapes open/public third‑party sites as part of its core workflow (SKILL.md resolution chain: Unpaywall, Semantic Scholar, Crossref, arXiv, PMC, bioRxiv and the Sci‑Hub discovery/scrape step), and scripts/fetch.py (e.g. try_scihub, _scihub_discover_mirrors, try_crossref_title, try_semantic_scholar_match) parses those external JSON/HTML responses to pick PDF URLs, resolve DOIs, and generate follow‑up commands — i.e., untrusted public content is ingested and directly drives subsequent tool actions.