paper-orchestra
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The pipeline's Literature Review Agent (Step 3 / host-integration.md) explicitly performs web searches and fetches Semantic Scholar API results (public, third‑party content) to draft intro_relwork.tex and refs.bib which are then consumed by the Section Writing and refinement agents, so untrusted external content is read and can materially influence subsequent tool decisions and outputs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The Literature Review step explicitly uses the host's WebFetch against the Semantic Scholar API (https://api.semanticscholar.org/graph/v1/paper/...) at runtime to retrieve paper metadata/abstracts which are injected into the agent's prompts to draft the intro/related-work, so external content from that URL directly controls model inputs during execution.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata