paper-navigator

Warn

Audited by Snyk on May 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, potentially user-generated content (e.g., arXiv via scripts/arxiv_monitor.py, Semantic Scholar via citation_traverse.py/author_search.py, GitHub via github_search.py and find_code.py, and arbitrary webpages/PDFs via fetch_paper.py using the Jina Reader r.jina.ai), and those fetched results are read and used by the agent to drive citation expansion, selection, downloads, and baseline/code recommendations — so untrusted third‑party content can materially influence tool use and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's fetch_paper.py calls Jina Reader at runtime (https://r.jina.ai/{target_url}) to fetch arbitrary page/PDF content as Markdown and injects/prints that content into the agent's context (and can cache it), which can be used to perform prompt-injection or otherwise control agent behavior.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 07:14 AM
Issues
2
Security Audit — snyk — paper-navigator