arxiv-analyze

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's fetcher (scripts/arxiv_fetch.py) explicitly downloads paper content from public third-party sites (arxiv2md.org, arxiv.org/html and /pdf and /src, ar5iv.labs.arxiv.org) and the SKILL.md Analysis workflow instructs the agent to read and analyze that fetched content, so untrusted user-generated/public web content can directly influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill fetches full paper content at runtime from external endpoints (notably https://arxiv2md.org/api/markdown, https://arxiv.org/html or /pdf and https://ar5iv.labs.arxiv.org/html and https://arxiv.org/src/), and that fetched text is injected into the agent's context for analysis—creating a clear prompt-injection vector where remote content can directly control model inputs.