pp-arxiv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill performs live queries against the public arXiv API (the SKILL.md states "Live-first" and describes using arXiv /api/query) and explicitly directs agents to consume the CLI's --agent JSON output (parse .results), so untrusted, user-submitted paper content from arXiv will be ingested and can materially influence agent decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires fetching and installing the CLI at runtime via npx (@mvanhorn/printing-press install arxiv) or go install github.com/mvanhorn/printing-press-library/library/other/arxiv/cmd/arxiv-pp-cli@latest, which downloads and installs/executes remote code (a required dependency) so these external sources are runtime code-execution risks.