arxiv

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to fetch and read content from public third-party sources (e.g., web_extract(urls=["https://arxiv.org/abs/ID"]) and https://arxiv.org/pdf/ID plus Semantic Scholar API calls), so it ingests untrusted, user-submitted web content which the agent is expected to interpret and use to drive recommendations and next actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 07:01 PM
Issues
1
Security Audit — snyk — arxiv