arxiv-watcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly calls scripts/search_arxiv.sh to fetch XML from the public arXiv API and even uses web_fetch on PDF links, so the agent ingests untrusted, user-submitted public papers whose content could influence its parsing, summaries, memory writes, or subsequent actions.