literature-search-arxiv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly queries and fetches content from public arXiv endpoints (search_arxiv.py uses http://export.arxiv.org/api/query and download_paper.py hits https://arxiv.org/ and scripts/download_paper_source.py uses https://export.arxiv.org/e-print/), and SKILL.md's workflow requires downloading and reading full-text PDFs/HTML or source files—i.e., ingesting untrusted, user-submitted third-party content that could contain instructions influencing subsequent agent actions.