biorxiv-database

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes searching and retrieving preprints from the public bioRxiv server (including abstracts, pdf_url links, and PDF downloads such as "https://www.biorxiv.org/..." and workflows that parse and analyze those abstracts/PDFs), so the agent will fetch and read untrusted third-party content that can influence subsequent actions.