paper-workbench
Warn
Audited by Snyk on Apr 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's normalize_paper.py explicitly fetches and downloads untrusted public content (http_get / fetch_json / fetch_binary for generic_paper_url, web_pdf, arXiv/AlphaXiv and Crossref endpoints and landing pages) and parses that external text into the paper-records which downstream modes (deep-read, synthesis, xray, etc.) must read and act on, so third-party content can materially influence agent decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). normalize_paper.py performs runtime HTTP fetches (e.g., https://api.alphaxiv.org/papers/v3/{arxiv_id}, https://alphaxiv.org/abs/{arxiv_id}.md, and https://api.crossref.org/works/{doi} — plus arbitrary remote PDF URLs) and injects the fetched Markdown/metadata or PDF text into the produced paper-record that is used as the model's context, so these runtime-fetched URLs can directly control the agent's prompts/outputs.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata