arxiv-doc-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill automatically fetches public arXiv content (see SKILL.md and fetch_paper.py which curl arxiv.org URLs) and explicitly instructs using Claude's Read/vision tools to read converted pages (convert_pdf_with_vision.py), so untrusted, user-submitted paper content will be ingested and interpreted as part of the agent's workflow and could therefore influence subsequent tool use and decisions.