read-arxiv-paper

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to download and unpack arXiv source tarballs from public URLs (https://www.arxiv.org/src/{arxiv_id}) and to read and act on those paper sources, which are public/user-submitted content that can influence the agent's decisions and actions.