alphaxiv
Warn
Audited by Snyk on May 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests public, third‑party content from alphaxiv.org (OVERVIEW_URL https://alphaxiv.org/overview/{PAPER_ID}.md and ABS_URL https://alphaxiv.org/abs/{PAPER_ID}.md) and arxiv.org source archives (ARXIV_SRC_URL https://arxiv.org/src/{PAPER_ID}) and its SKILL.md workflow Steps 2–4 require the agent to read and act on that content to produce answers and choose further actions, so untrusted/web content could carry indirect prompt injections.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill fetches external markdown at runtime—https://alphaxiv.org/overview/{PAPER_ID}.md and https://alphaxiv.org/abs/{PAPER_ID}.md (with fallback to https://arxiv.org/src/{PAPER_ID})—and injects that fetched content into the model context to drive/shape agent responses, so these URLs directly control prompts during execution.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata