arxiv-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and parses live content from the public arXiv API (https://export.arxiv.org/api/query) — including titles, abstracts and summaries returned by user-submitted preprints (see scripts/search.py fetch_feed and SKILL.md usage) — which the agent reads and uses to build recommendations and local notes, so untrusted third-party text could materially influence decisions or next actions.