arxiv-reader

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches public arXiv content (via arxiv_fetcher.fetcher.py: RSS/API and LaTeX download in fetch_latex_source) and directly injects the untrusted paper text (abstract, main body, appendix) into LLM prompts in agents/reader_agent.py and agents/classifier_agent.py to drive classification and decisions (e.g., whether to read the appendix), so third‑party content can materially influence agent behavior.