arxiv

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches paper metadata from the public arXiv API (export.arxiv.org) and downloads PDFs from arxiv.org (Steps 2 and 4) and then reads and summarizes abstracts/PDF content as part of its workflow (Step 5), which exposes the agent to untrusted, user-submitted third-party content that could contain instructions influencing its outputs or follow-up actions.