alphaxiv
Warn
Audited by Snyk on Apr 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow (Steps 2–4 in SKILL.md) explicitly fetches and parses untrusted public content from alphaxiv.org (e.g., https://alphaxiv.org/overview/{PAPER_ID}.md and https://alphaxiv.org/abs/{PAPER_ID}.md) and arXiv source archives (https://arxiv.org/src/{PAPER_ID}), and the agent is expected to read and act on that content to answer questions and decide follow-up actions, which could allow indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly fetches runtime content from https://alphaxiv.org/overview/{PAPER_ID}.md (and falls back to https://alphaxiv.org/abs/{PAPER_ID}.md), which are described as "structured, LLM-optimized" reports that are used directly as the agent's input/instructions, so external content controls prompts and is a required dependency.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).