paper-navigator
Warn
Audited by Snyk on May 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, potentially user-generated content (e.g., arXiv via scripts/arxiv_monitor.py, Semantic Scholar via citation_traverse.py/author_search.py, GitHub via github_search.py and find_code.py, and arbitrary webpages/PDFs via fetch_paper.py using the Jina Reader r.jina.ai), and those fetched results are read and used by the agent to drive citation expansion, selection, downloads, and baseline/code recommendations — so untrusted third‑party content can materially influence tool use and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's fetch_paper.py calls Jina Reader at runtime (https://r.jina.ai/{target_url}) to fetch arbitrary page/PDF content as Markdown and injects/prints that content into the agent's context (and can cache it), which can be used to perform prompt-injection or otherwise control agent behavior.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata