research

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly directs subagents to run web searches and use Firecrawl to scrape the top relevant URLs (and alphaxiv.sh fetches content from alphaxiv.org/arxiv), so the agent ingests arbitrary public third‑party webpages and summaries as part of its research pipeline, allowing untrusted content to influence subsequent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's scripts call https://alphaxiv.org (e.g., alphaxiv.sh fetching /overview/{id}.md via curl) at runtime and ingest those AI-generated summaries into the agent workflow, meaning remote content is fetched and injected into model context used for prompts.