biorxiv-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches and ingests public, user-generated preprint content from the bioRxiv API and website (see SKILL.md and scripts/biorxiv_search.py: BASE_URL "https://api.biorxiv.org" and download_pdf using "https://www.biorxiv.org/content/..."), and those abstracts/metadata/PDFs are read and used to drive searches, filtering, downloads and downstream actions, so untrusted third‑party content could indirectly influence agent behavior.